Lucene search
+L

342 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:18 a.m.8 views

CVE-2023-51503

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2...

7.5CVSS7.8AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:17 a.m.20 views

CVE-2023-51488

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11...

7.1CVSS7AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.12 views

CVE-2019-17426

Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...

9.1CVSS6.7AI score0.0166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 6:54 p.m.16 views

CVE-2024-56006

Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...

5.3CVSS8.6AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 6:54 p.m.13 views

CVE-2024-51666

Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...

4.3CVSS7.2AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2025/05/15 7:15 p.m.26 views

CVE-2024-56006

Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...

5.3CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2025/05/15 7:15 p.m.24 views

CVE-2024-51666

Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...

4.3CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/15 6:27 p.m.9 views

CVE-2024-51666 WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...

4.3CVSS7.2AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/15 6:27 p.m.33 views

CVE-2024-51666 WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...

4.3CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 6:27 p.m.29 views

CVE-2024-51666

CVE-2024-51666 applies to the WordPress Tours plugin (Tours) versions n/a through 1.0.0, describing a Missing Authorization / Broken Access Control vulnerability. The CVE entry records a base CVSS v3.1 vector of AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N with a 4.3 (Medium) impact. Connected sources ind...

4.3CVSS7.2AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/15 6:24 p.m.11 views

CVE-2024-56006 WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...

5.3CVSS7.2AI score0.00267EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 6:24 p.m.39 views

CVE-2024-56006

CVE-2024-56006 is a Missing Authorization (Broken Access Control) vulnerability in Automattic Jetpack Debug Tools for WordPress. Affected versions are prior to 2.0.1; the issue enables unauthenticated access to the Jetpack Debug Tools functionality. The CVSS base score is 5.3 (Network attack, no ...

5.3CVSS8.6AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21352 · Automattic · Automattic Tours

Name of the Vulnerable Software and Affected Versions: Automattic Tours versions n/a through 1.0.0 Description: The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorized access to certain featur...

4.3CVSS5.3AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.10 views

PT-2025-21353 · Automattic · Jetpack Debug Tools

Name of the Vulnerable Software and Affected Versions: Automattic Jetpack Debug Tools version prior to 2.0.1 Description: A Missing Authorization issue affects the Jetpack Debug Tools, allowing potential unauthorized access. Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or...

5.3CVSS6.2AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/29 10:42 p.m.16 views

CVE-2025-22740

Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through = 4.24.4...

5.3CVSS7.2AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 10:15 p.m.16 views

CVE-2025-22740

Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through = 4.24.4...

5.3CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 9:20 p.m.60 views

CVE-2025-22740

CVE-2025-22740 (Sensei LMS) is a Missing Authorization vulnerability affecting Sensei LMS versions up to 4.24.4. Public details indicate an authorization gap that could allow access to restricted actions/resources. The vulnerability is listed as patched by Wordfence (patched status) and the CVSS ...

5.3CVSS7.2AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 4:15 p.m.18 views

CVE-2025-26762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through = 9.7.0...

5.9CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/27 3:52 p.m.10 views

CVE-2025-26762 WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through = 9.7.0...

5.9CVSS8.6AI score0.00202EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-31111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WordPress allows Stored XSS.This issue...

6.5CVSS5.4AI score0.00318EPSS
Exploits0References2
Rows per page
Query Builder