182 matches found
PT-2025-23945 · Unknown · Bdthemes Element Pack Pro
Name of the Vulnerable Software and Affected Versions: BdThemes Element Pack Pro versions prior to 8.0.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions prior t...
CVE-2025-22561
Missing Authorization vulnerability in kbowson Title Experiments Free wp-experiments-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through = 9.0.4...
CVE-2024-24774
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...
CVE-2023-41690
Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5...
CVE-2025-22287 WordPress LTL Freight Quotes – FreightQuote Edition plugin <= 2.3.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition ltl-freight-quotes-freightquote-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through = 2.3.1...
CVE-2025-48079
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid : from n/a through = 5.9.5.1...
Ensure That the Security Level of the Global Encryption Policy Is Not Lower than DEFAULT
The global encryption/decryption policy of the system is used to specify the algorithms supported by the encryption and decryption components. You can change the preset security policy level by modifying the /etc/crypto-policies/config configuration file to change the algorithm set that can be us...
WordPress plugin Advanced File Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A lack of authorization vulnerability exists in the WordPress Advanced File Manager plugin that stems from a lack of authorization and can be exploited by an attacker to modify...
CVE-2025-39522
CVE-2025-39522 describes a Missing Authorization vulnerability in the WordPress plugin Dynamic Post , allowing an attacker to exploit an incorrectly configured access control to change settings. Affected software: Dynamic Post versions up to 4.10 (per the CVE description). Root cause: lack of pr...
CVE-2025-26888
CVE-2025-26888 is a Missing Authorization vulnerability in WooCommerce Multilingual & Multicurrency with WPML (affected: WooCommerce Multilingual & Multicurrency
CVE-2025-30887
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.2.9...
CVE-2025-30828
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through = 1.0.29...
CVE-2025-30896 WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through = 1.13.4...
CVE-2025-23534
Missing Authorization vulnerability in Mark Winiarski WPLingo wplingo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLingo: from n/a through = 1.1.2...
GHSA-VPXM-CR3R-PJP9 General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches
Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...
CVE-2023-47225
Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through = 1.6.8...
CVE-2023-46195 WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through = 1.3.1...
CVE-2024-54311 WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in i.lychkov Mark New Posts mark-new-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through = 7.5.1...
CVE-2024-54241
CVE-2024-54241 concerns a Missing Authorization vulnerability in the WordPress plugin Elite Notification – Sales Popup, Social Proof, FOMO & WooCommerce Notification. Affected versions are listed as 1.5 through n/a; description specifies an incorrectly configured access control. Exploitation stat...
CVE-2024-43142 WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3...