CVE-2024-37921

CVE-2024-37921 corresponds to a WordPress plugin vulnerability in Chained Quiz (WordPress Plugin) versions up to 1.3.2.8, described as a Missing Authorization / Broken Access Control issue. The root cause is incorrectly configured access control security levels, enabling unauthenticated users to ...

CVE-2024-37517

CVE-2024-37517 is a Missing Authorization vulnerability in Spectra (WordPress Gutenberg Blocks by Ultimate Addons for Gutenberg) affecting Spectra up to version 2.13.7. The issue enables unauthorized actions due to misconfigured access controls (Missing Authorization to generate_ai_content). Publ...

CVE-2024-37929

CVE-2024-37929 is a Missing Authorization vulnerability in the Solwin User Activity Log Pro WordPress plugin, affecting versions up to and including 2.3.4. Public sources describe an incorrect access control configuration enabling unauthorized access to certain functionality. The CVE record lists...

CVE-2024-38695

CVE-2024-38695 documents a Missing Authorization vulnerability in the WordPress plugin WP GoToWebinar . The issue is described as an access-control misconfiguration affecting WP GoToWebinar versions up to and including 15.6, enabling exploitation due to incorrectly configured security levels. The...

CVE-2024-38695 WordPress WP GoToWebinar plugin <= 15.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6...

CVE-2024-38695 WordPress WP GoToWebinar plugin <= 15.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6...

CVE-2024-38707

CVE-2024-38707 corresponds to a Missing Authorization vulnerability in WPDeveloper EmbedPress for WordPress. The issue arises from broken access control that could allow unauthorized access to restricted operations in EmbedPress versions up to 4.0.4. CVSS v3.1 data from the provided sources indic...

CVE-2024-38707 WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4...

CVE-2024-38719

CVE-2024-38719 is a real, publicly documented vulnerability affecting the WordPress plugin Creative Motion Auto Featured Image (Auto Post Thumbnail) up to version 4.1.2 . The root cause is a Missing/Incorrectly Configured Authorization that allows exploitation of access control weaknesses in the ...

CVE-2024-38714

CVE-2024-38714 concerns WP Fast Total Search (Epsiloncool) with Missing Authorization due to incorrectly configured access control levels. Affected versions are WP Fast Total Search 1.68.232 and earlier. Public details in connected sources indicate the attack surface involves unauthorized access ...

CVE-2024-38721

CVE-2024-38721 is a Missing Authorization vulnerability in the WordPress plugin EazyDocs by spider-themes. Multiple connected sources corroborate that it concerns broken access control allowing unauthorized access due to misconfigured security levels, affecting EazyDocs versions up to 2.5.0. The ...

CVE-2024-38727

CVE-2024-38727 is a Missing Authorization (broken access control) vulnerability affecting the Seraphinite Post .DOCX Source WordPress plugin. The public record indicates the issue exists in Seraphinite Post .DOCX Source versions from unknown/n/a through 2.16.9 and does not provide product-specifi...

CVE-2024-38777

CVE-2024-38777 is a Missing Authorization / Broken Access Control vulnerability in CreativeMotion Titan Anti-spam & Security (WordPress Titan Anti-spam & Security) affecting versions up to 7.3.6. Exploitation could arise from incorrectly configured access control levels, enabling unauthorized act...

CVE-2024-38777 WordPress Titan Anti-spam & Security plugin <= 7.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6...

CVE-2024-39635

CVE-2024-39635 describes a Broken Access Control vulnerability in the WordPress plugin Youzify, caused by missing authorization. Affected versions are Youzify up to 1.2.6. Patchstack and related sources indicate the fix is in version 1.2.8. Suggested remediation: update to Youzify 1.2.8 or later ...

CVE-2024-39640

CVE-2024-39640: WordPress WP Social Feed Gallery (insta-gallery)

CVE-2024-39639

CVE-2024-39639 affects WordPress File Upload plugin (≤4.24.7). Root cause is Broken Access Control, with Patchstack noting CSRF involvement. Impact is reported as low to medium (CVSS 3.5–4.3 range); patched in version 4.24.8. No exploitation status provided in the sources; monitor for updates fro...

CVE-2024-39654 WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets.This issue affects Sign-up Sheets: from n/a through = 2.2.12...

CVE-2024-39654

CVE-2024-39654 concerns WordPress Sign-up Sheets plugin (versions

CVE-2024-43119

CVE-2024-43119 is a Missing Authorization vulnerability in Aruba HiSpeed Cache (WordPress plugin) affecting 2.0.12 and earlier. The vulnerability arises from incorrectly configured access control security levels. CVSS 3.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) indicates network access with low pri...