1378 matches found
CVE-2023-51507
Technical details about CVE-2023-51507 are not provided in the supplied documents. No explicit affected versions beyond 8.1.16 or remediation steps are listed; monitor for updates.
CVE-2023-51516
CVE-2023-51516 is a Missing Authorization vulnerability (Broken Access Control) affecting the WordPress plugin “Business Directory Plugin – Easy Listing Directories for WordPress” up to version 6.3.9. The root cause, per provided documents, is a dispatch-related authorization issue. Connected sou...
CVE-2023-51523
CVE-2023-51523 is a Missing Authorization (Broken Access Control) vulnerability affecting the WordPress plugin WooCommerce Easy Duplicate Product (
CVE-2023-40603
CVE-2023-40603 affects the WordPress plugin Simple Org Chart (versions up to and including 2.3.4). The root cause is Missing Authorization (Broken Access Control) allowing unauthenticated access to tree settings. The vulnerability is currently unpatched in the sources provided (no fixed version i...
CVE-2023-41240
CVE-2023-41240 concerns the WordPress plugin Pricing Deals for WooCommerce. Affected versions are up to 2.0.3.2 and the issue is described as Missing Authorization / Broken Access Control. It allows an unauthenticated user to exploit a lack of authorization (e.g., via the vtprd_ajax_clone_rule ...
CVE-2023-44234
CVE-2023-44234 affects the WordPress plugin WP GPX Maps up to version 1.7.08. Root cause: Missing Authorization (Broken Access Control) allows access to resources without proper permission validation. Documented severity is low (CVSS ~4.3). Public references indicate the vulnerabili...
CVE-2023-47845
CVE-2023-47845 describes a CSRF vulnerability in the WordPress plugin Grab & Save (versions
CVE-2023-47828
CVE-2023-47828 affects the WordPress wpMandrill plugin. Public documents identify a Missing Authorization/Broken Access Control via getAjaxStats in wpMandrill versions up to and including 1.33, allowing authenticated users (subscriber level and above) to access mailing statistics. Affected softwa...
CVE-2023-51526
CVE-2023-51526 is a Missing Authorization vulnerability in the WordPress plugin Simple Staff List (affected: up to version 2.2.4). The connected data confirm the issue arises from missing authorization for specific admin actions, notably via ajax_flush_rewrite_rules and staff_member_export, allow...
CVE-2023-51680
Summary: CVE-2023-51680 affects the WordPress plugin “Quotes for WooCommerce.” The root cause is missing authorization checks leading to Broken Access Control in AJAX actions. The vulnerability exists in versions up to and including 2.0.1 and can allow manipulation of quotes by authenticated user...
CVE-2023-52117
Technical details for CVE-2023-52117 are not provided in the connected documents. According to the initial description, this is a Missing Authorization vulnerability affecting ProfileGrid
CVE-2023-52177
CVE-2023-52177 affects the WordPress plugin Integrate Google Drive by SoftLab with Missing Authorization (Broken Access Control) in versions from n/a to 1.3.3. The available sources confirm affected software and root cause, but provide no public details on exploit vectors, impact beyond what’s st...
CVE-2023-48273
CVE-2023-48273 affects the WordPress plugin Preloader for Website (version
CVE-2023-52224
CVE-2023-52224 affects the WordPress plugin Revolut Gateway for WooCommerce (
CVE-2023-51682
CVE-2023-51682: Missing Authorization vulnerability in MC4WP (Mailchimp for WordPress) affecting MC4WP
CVE-2023-51498
CVE-2023-51498 is a Missing Authorization vulnerability (Broken Access Control) in the WordPress plugin WooCommerce Canada Post Shipping, affecting versions up to 2.8.3. The connected Red Hat advisory notes the issue and confirms a patch is available (patched). No exploit details are provided in...
CVE-2023-52217
CVE-2023-52217 is a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin “WooCommerce Conversion Tracking.” Affected are versions up to 2.0.11; the issue stems from missing authorization controls in the plugin’s operations. The CVE entry notes a patch is available i...
CVE-2024-22296
CVE-2024-22296 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin 12 Step Meeting List. Public records show affected versions are 3.14.28 and earlier, with exploitation potential via an unauthenticated or improperly authorized access to the plugin...
CVE-2024-21751
CVE-2024-21751 concerns the WordPress plugin RabbitLoader up to version 2.19.13, where multiple AJAX actions lack proper authorization checks, allowing authenticated users with subscriber-level access and above to modify data (e.g., purge site cache or switch caching modes) without permission. Th...
CVE-2024-25929
CVE-2024-25929: WordPress plugin Product Catalog Enquiry for WooCommerce by MultiVendorX