1162 matches found
CVE-2024-43119 WordPress Aruba HiSpeed Cache plugin <= 2.0.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12...
CVE-2024-43122
CVE-2024-43122 describes a Missing Authorization (Broken/Incorrect Access Control) vulnerability in the Robin image optimizer WordPress plugin, affecting version 1.6.9 and earlier. The CVE notes that exploitation requires Network access with Low attack complexity and Low privileges, with potentia...
CVE-2024-43136
CVE-2024-43136 corresponds to a Missing Authorization/Broken Access Control vulnerability in the Sunshine Photo Cart WordPress plugin (Sunshine Photo Cart) affecting versions up to and including 3.2.1. Connected sources identify this as a Broken Access Control issue; the advisory notes affected s...
CVE-2024-43134
CVE-2024-43134 concerns the Waitlist Woocommerce (Back in stock notifier) plugin. The vulnerability is described as Missing Authorization due to incorrectly configured access control, affecting plugin releases up to version 2.6 (vulnerable range shown as n/a–2.6). The CVSS Base Score is MEDIUM (4...
CVE-2024-43134 WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in xootix Waitlist Woocommerce Back in stock notifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Waitlist Woocommerce Back in stock notifier: from n/a through 2.6...
CVE-2024-43143
CVE-2024-43143 is a Missing Authorization vulnerability in the WordPress plugin Registrations for the Events Calendar (Roundup WP Registrations) affecting versions from n/a through 2.12.1. The connected sources confirm a broken access control issue allowing exploitation via misconfigured authoriz...
CVE-2024-43157
CVE-2024-43157 (WordPress FormCraft) is documented in multiple sources with concrete technical details in connected docs: FormCraft (WordPress Form Builder) versions 1.2.10 and earlier are affected by a Missing Authorization vulnerability due to incorrectly configured access control. The issue is...
CVE-2024-43154
CVE-2024-43154 is a Missing Authorization (broken access control) vulnerability in BracketSpace Advanced Cron Manager for WordPress, affecting debug & control up to version 2.5.9. Public sources indicate this plugin allows unauthorized access due to misconfigured access controls. Remediation from...
CVE-2024-43162
CVE-2024-43162 is a Missing Authorization vulnerability in WordPress Easy Digital Downloads (EDDs) plugin, affecting EDDs versions up to 3.2.12. The connected sources describe it as a Broken Access Control issue caused by Incorrectly Configured Access Control Security Levels that could enable an ...
CVE-2024-43208
CVE-2024-43208 describes a Missing Authorization vulnerability in the WordPress plugin Send Emails with Mandrill (Miller Media). Affected versions are 1.4.1 and earlier, with exploitability stemming from misconfigured access control. Public sources in the Connected documents explicitly identify t...
CVE-2024-43215
CVE-2024-43215 corresponds to a Missing Authorization vulnerability in Creativemotion Social Slider Feed for WordPress. Technical detail in connected PT-2024-30378 shows that versions through 2.2.2 are affected by broken access control enabling exploitation via misconfigured authorization. The re...
CVE-2024-43229
CVE-2024-43229 is a Missing Authorization vulnerability in the WordPress plugin WP Search Analytics (versions up to and including 1.4.9). The weakness allows exploitation of misconfigured access controls to bypass authorization, as described in multiple sources. Technical details from the connect...
CVE-2024-43235
CVE-2024-43235 concerns Meta Box – WordPress Custom Fields Framework. Several connected sources confirm a Missing Authorization vulnerability (broken access control) affecting the Meta Box plugin up to version 5.9.10. The CVSS 3.1 base metrics show Network attack vector, Low attack complexity, Pr...
CVE-2024-43235 WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...
CVE-2024-43260
CVE-2024-43260 refers to a Missing Authorization vulnerability in the WordPress plugin Clearfy Cache. Public sources indicate affected versions up to 2.2.4 and describe an incorrectly configured access control that could enable unauthorized access. The provided connected documents do not specify ...
CVE-2024-43254
CVE-2024-43254 affects the WordPress plugin Clover Online Orders (Smart Online Order for Clover). The connected docs identify a Missing Authorization issue due to misconfigured access control in Smart Online Order for Clover up to version 1.5.6. The Wordfence/CVE entries note the vulnerability as...
CVE-2024-43254 WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders. This issue affects Smart Online Order for Clover: from n/a through <= 1.5.6...
CVE-2024-43273
CVE-2024-43273 involves Icegram Collect (WordPress plugin) with a Missing Authorization vulnerability in access control for versions up to and including 1.3.14. Public sources in connected docs identify it as a broken/incorrectly configured authorization issue that can enable unauthorized access ...