1162 matches found
CVE-2024-43285 WordPress Presto Player plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2...
CVE-2024-43296
CVE-2024-43296: WordPress HTML5 Video Player (bPlugins Flash & HTML5 Video) has a Missing Authorization flaw affecting versions up to 2.5.30. Exploitation involves unauthorized access due to misconfigured access control, potentially exposing videos. CVSS v3.1 metrics indicate high impact to confi...
CVE-2024-43296 WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30...
CVE-2024-43298
CVE-2024-43298 pertains to the WordPress plugin “Clone” (WP Clone by WP Academy). Connected documents confirm a Missing Authorization / Broken Access Control vulnerability in Clone versions n/a through 2.4.5. The CVSS data from NVD indicates high impact (C, I, A high) with network attack vector a...
CVE-2024-43297
CVE-2024-43297 : The Red Hat/WordPress vulnerability description indicates a Missing Authorization (Broken Access Control) flaw in the WordPress Clone plugin up to version 2.4.5, allowing unauthorized access due to misconfigured access control. The description does not specify an affected vendor/...
CVE-2024-43302
CVE-2024-43302 is a Missing Authorization vulnerability in the Fonts Plugin (Fonts) for WordPress, affecting versions up to 3.7.7. The issue involves incorrect access control that allows exploitation via unauthorized access to protected resources. The public references indicate an official vulner...
CVE-2024-43312
CVE-2024-43312 concerns WPC Frequently Bought Together for WooCommerce. A Missing Authorization vulnerability allows exploitation of incorrectly configured access control, affecting versions up to 7.1.9. Red Hat and other sources reference the same issue. Mitigation in public docs indicates upgra...
CVE-2024-43310 WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9...
CVE-2024-43310
CVE-2024-43310 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin “Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce” (also seen as UkrSolution Print Barcode Labels for your WooCommerce). Affected versions...
CVE-2024-43314
CVE-2024-43314 affects WordPress Asset CleanUp: Page Speed Booster (versions up to 1.3.9.3). Root cause: Missing/Incorrectly configured access control (Missing Authorization) enabling unauthorized access to assets. Impact: High (as per NVD CVSS 3.1 base score 8.8, high confidentiality, integrity,...
CVE-2024-43314 WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.9.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3...
CVE-2024-43332
CVE-2024-43332 is a Missing Authorization vulnerability in the WordPress Photo Engine (WPLR-Sync) plugin, affecting Photo Engine versions n/a through 6.4.0. The issue stems from incorrectly configured access control, enabling unauthorized access to protected resources. Public references note High...
CVE-2024-43355
CVE-2024-43355 is a Missing Authorization vulnerability in the WordPress plugin JoomSport (BearDev) for Sports: Team & League. Affects JoomSport versions up to and including 5.3.0; root cause is misconfigured Access Control Security Levels, enabling unauthorized access. CVSSv3.1 base score 8.8 (N...
CVE-2024-43928
CVE-2024-43928 is reported as a Missing Authorization vulnerability in the WordPress JobSearch WP Job Board plugin (
CVE-2024-43925
CVE-2024-43925 describes a Missing Authorization vulnerability in the Envira Gallery WordPress plugins (Envira Gallery Lite / Envira Photo Gallery) affecting versions up to and including 1.8.14. The issue arises from incorrectly configured access control/security levels, enabling a bypass of auth...
CVE-2024-43928 WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4...
CVE-2024-43932
CVE-2024-43932 is a Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite. The issue arises from incorrectly configured access control security levels, allowing unauthorized actions. Affected: The Plus Addons for Elementor Page Builder Lite up to version ...
CVE-2024-43937
CVE-2024-43937 corresponds to a Missing Authorization vulnerability in WP Crowdfunding (Themeum) affecting WP Crowdfunding versions n/a through 2.1.10. Connected sources (PT-2024-30798) describe the issue as an unauthorized access/configuration flaw that lets attackers enable/disable addons due t...
CVE-2024-43937 WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10...
CVE-2024-43937 WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10...