CVE-2024-43962
CVE-2024-43962: WordPress LWS Affiliation plugin (versions ≤ 2.3.4) has a Missing/Incorrect Authorization vulnerability due to broken access control. This could allow an attacker with network access to bypass authorization checks and perform unauthorized actions on the affected plugin. The provid...
CVE-2024-43968
CVE-2024-43968 covers the WordPress Newspack plugin, affected up to version 3.8.6. The issue is classified as a Broken Access Control vulnerability caused by incorrectly configured access control security levels. A fix exists in version 3.8.7. Public disclosures in multiple sources (NVD listing w...
CVE-2024-43973 WordPress GetPaid plugin <= 2.8.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in Stiofan GetPaid invoicing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetPaid: from n/a through <= 2.8.11...
CVE-2024-43973
CVE-2024-43973 affects GetPaid (WordPress plugin) by AyeCode, with Missing Authorization via column_subscription() in versions up to 2.8.11. Public records (NVD/NVD-derived CVE feeds) confirm a broken access control allowing unauthorized activity related to GetPaid’s subscription data. PT-Securit...
CVE-2024-43980
CVE-2024-43980 concerns CozyThemes Fota WP (FotaWP) with a Missing Authorization vulnerability due to incorrectly configured access control. Public sources indicate affecting Fota WP versions from n/a through 1.4.1. Multiple connected documents reference the patch status and fix guidance, noting ...
CVE-2024-43982
CVE-2024-43982 is a Missing Authorization vulnerability in WordPress plugin Login As Users (Geek Code Lab) affecting versions 1.4.3 and earlier. It enables Broken Access Control leading to account takeover. Remediation per PT-2024-30846: update to version 1.4.4 (or restrict plugin access as a tem...
CVE-2024-44006
CVE-2024-44006 affects WordPress WooCommerce Multilingual & Multicurrency (OnTheGoSystems) plugin
CVE-2024-44031
CVE-2024-44031 corresponds to a WordPress JoomSport plugin vulnerability (versions
CVE-2024-44021
CVE-2024-44021 concerns the WordPress plugin Truepush – Free Web Push Notifications (
CVE-2024-44031 WordPress JoomSport plugin <= 5.6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in beardev JoomSport joomsport-sports-league-results-management. This issue affects JoomSport: from n/a through <= 5.6.3...
CVE-2024-44052
CVE-2024-44052 is a Missing Authorization vulnerability affecting the WordPress HelloAsso plugin (versions up to and including 1.1.10). Root cause is incorrectly configured access control, enabling unauthorized actions per the sources. Impact/outcome is described as missing authorization; the CVS...
CVE-2024-44052 WordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in HelloAsso HelloAsso helloasso. This issue affects HelloAsso: from n/a through <= 1.1.10...
CVE-2024-47317 WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84...
CVE-2024-47317
The CVE-2024-47317 entry covers a Missing Authorization/Broken Access Control issue in the WordPress plugin Ads by WPQuads (WPQuads Ads) versions up to 2.0.84. The vulnerability is due to incorrectly configured access control, enabling unauthorized access for subscribers. Patch details in the con...
CVE-2024-47361
CVE-2024-47361 – Elementor Addon Elements (WPVibes)
CVE-2024-47362 WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through 3.1.16...
CVE-2024-47362
CVE-2024-47362 is a Broken Access Control vulnerability in WordPress plugin Strong Testimonials (versions
Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer
A malvertising campaign is exploiting Meta's platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…...
CVE-2024-50419
Incorrect Authorization vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Greenshift: from n/a through <= 9.7...
CVE-2024-50428
Missing Authorization vulnerability in mondula2016 Multi Step Form multi-step-form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Multi Step Form: from n/a through <= 1.7.21...