CVE-2024-37119

CVE-2024-37119 concerns Uncanny Automator Pro for WordPress. The connected sources indicate a Missing Authorization vulnerability that can allow an unauthenticated actor to reset license settings due to misconfigured access controls, affecting Uncanny Automator Pro up to version 5.3.0.0 (and rela...

CVE-2024-37123

The CVE-2024-37123 entry concerns the WordPress Ibtana plugin (WordPress Plugin Ibtana/IBTana Visual Editor) with versions

CVE-2024-37123 WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3...

CVE-2024-37203 WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9...

CVE-2024-37204

CVE-2024-37204 — WordPress PropertyHive plugin

CVE-2024-37207

CVE-2024-37207 affects Theme4Press Demo Awesome (WordPress plugin) up to version 1.0.2. Described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access levels, enabling unauthorized access to restricted functionality. Affected range: n/a through 1.0...

CVE-2024-37207 WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2...

CVE-2024-37207 WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2...

CVE-2024-37214

CVE-2024-37214 affects WordPress plugin AliExpress Dropshipping with AliNext Lite (Ali2Woo Lite) ≤ 3.3.5. Reported as Missing Authorization with Stored XSS due to incorrectly configured access control. PTSecurity recommends updating to a version later than 3.3.5; Wordfence and PatchStack notes co...

CVE-2024-37220

CVE-2024-37220 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin Optinly by OptinlyHQ. It affects Optinly versions available up to and including 1.0.18 (n/a through 1.0.18 in the initial description). The issue stems from incorrectly configured access...

CVE-2024-37218

CVE-2024-37218 describes a Missing Authorization vulnerability in WordPress Page Builder Sandwich – Front-End Page Builder (Page Builder Sandwich) up to version 5.1.0. The issue stems from incorrectly configured access control security levels, enabling unauthorized access to protected functionali...

CVE-2024-37218 WordPress Page Builder Sandwich <= 5.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0...

CVE-2024-37232

CVE-2024-37232 is a Missing Authorization vulnerability in Hercules Core (affected: versions n/a through 6.5) that allows exploitation through misconfigured Access Control settings, enabling unauthorized updates to core settings. The issue originates from an authority check flaw that fails to pro...

CVE-2024-37254 WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7...

CVE-2024-37232 WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability

Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5...

CVE-2024-37254

CVE-2024-37254 is a confirmed Missing Authorization vulnerability in the WordPress WP File Manager plugin (wp-file-manager), affecting versions up to and including 7.2.7. The issue involves incorrectly configured access control (Broken Access Control), which can permit unauthorized actions on the...

CVE-2024-37269

CVE-2024-37269 describes a Missing Authorization flaw in the WordPress plugin Masterstudy Elementor Widgets up to version 1.2.2 . The vulnerability is reported as an unauthenticated/broken access control issue, meaning an attacker could access restricted data or functions without credentials, as ...

CVE-2024-37269 WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2...

CVE-2024-37276

CVE-2024-37276 concerns the WordPress plugin Featured Image from URL (FIFU). Public records show a Missing Authorization vulnerability allowing exploitation of incorrectly configured access control security levels in the FIFU component that handles Featured Image from URL. Affected versions are l...

CVE-2024-37415

CVE-2024-37415 – E2Pdf WordPress Plugin Missing Authorization (Mode C details) Affected software: WordPress plugin E2Pdf – Export To Pdf Tool for WordPress, versions from n/a up to and including 1.20.27. Root cause / vulnerability class: Missing Authorization vulnerability (broken access control)...