Skip to main content
CVE-2024-54267 MEDIUM This Month

Missing Authorization vulnerability in CreativeMindsSolutions CM Answers cm-answers allows Exploiting Incorrectly Configured Access Control Security Levels.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-41689 MEDIUM This Month

Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) post-to-google-my-business allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-54298 MEDIUM This Month

Missing Authorization vulnerability in sminozzi Car Dealer cardealer allows Exploiting Incorrectly Configured Access Control Security Levels.46. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-54278 MEDIUM This Month

Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor news-ticker-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-41869 MEDIUM This Month

Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) wp-accessibility-helper allows Exploiting Incorrectly Configured Access Control Security Levels.6.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-41865 MEDIUM This Month

Missing Authorization vulnerability in bqworks Slider Pro sliderpro allows Exploiting Incorrectly Configured Access Control Security Levels.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-36518 MEDIUM This Month

Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter post-hit-counter allows Exploiting Incorrectly Configured Access Control Security Levels.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-32574 MEDIUM This Month

Missing Authorization vulnerability in Fahad Mahmood Injection Guard injection-guard allows Exploiting Incorrectly Configured Access Control Security Levels.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-40001 MEDIUM This Month

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.1.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-28990 MEDIUM This Month

Missing Authorization vulnerability in hashthemes Viral Mag viral-mag allows Exploiting Incorrectly Configured Access Control Security Levels.0.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-35052 MEDIUM This Month

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.5.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-54306 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in aitool AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot ai-seo-translator allows Cross Site Request Forgery.6.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-46811 MEDIUM This Month

Missing Authorization vulnerability in VillaTheme ALD - Dropshipping and Fulfillment for AliExpress and WooCommerce woo-alidropship allows Exploiting Incorrectly Configured Access Control Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-46807 MEDIUM This Month

Missing Authorization vulnerability in WP Trio Stock Sync for WooCommerce stock-sync-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-41873 MEDIUM This Month

Missing Authorization vulnerability in miniOrange SAML SP Single Sign On miniorange-saml-20-single-sign-on allows Exploiting Incorrectly Configured Access Control Security Levels.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41132 MEDIUM This Month

Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce woo-category-slider-grid allows Exploiting Incorrectly Configured Access Control Security Levels.4.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-40670 MEDIUM This Month

Missing Authorization vulnerability in ReviewX ReviewX reviewx allows Exploiting Incorrectly Configured Access Control Security Levels.6.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-40331 MEDIUM This Month

Missing Authorization vulnerability in bqworks Accordion Slider accordion-slider allows Exploiting Incorrectly Configured Access Control Security Levels.9.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-39995 MEDIUM This Month

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects portfolio-and-projects allows Exploiting Incorrectly Configured Access Control Security Levels.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-38477 MEDIUM This Month

Missing Authorization vulnerability in stasionok QR code MeCard/vCard generator wp-qrcode-me-v-card allows Exploiting Incorrectly Configured Access Control Security Levels.6.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-37984 MEDIUM This Month

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.1.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34387 MEDIUM This Month

Missing Authorization vulnerability in Constant Contact Constant Contact Forms constant-contact-forms allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-34009 MEDIUM This Month

Missing Authorization vulnerability in Inisev Social Media & Share Icons ultimate-social-media-icons allows Exploiting Incorrectly Configured Access Control Security Levels.8.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-33928 MEDIUM This Month

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32599 MEDIUM This Month

Missing Authorization vulnerability in sminozzi reCAPTCHA for all recaptcha-for-all allows Exploiting Incorrectly Configured Access Control Security Levels.22. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32586 MEDIUM This Month

Missing Authorization vulnerability in TM Soundcloud Is Gold soundcloud-is-gold allows Exploiting Incorrectly Configured Access Control Security Levels.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-32519 MEDIUM This Month

Missing Authorization vulnerability in WebCodin WCP Contact Form wcp-contact-form allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47176 MEDIUM This Month

Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47168 MEDIUM This Month

Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-54321 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support hive-support allows Cross Site Request Forgery.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-33998 MEDIUM This Month

Missing Authorization vulnerability in CyberNetikz Easy Social Icons easy-social-icons allows Exploiting Incorrectly Configured Access Control Security Levels.2.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41802 MEDIUM This Month

Missing Authorization vulnerability in Rajat Varlani Super Socializer super-socializer allows Exploiting Incorrectly Configured Access Control Security Levels.13.54. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-54307 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in aipost AIcomments aicomments allows Cross Site Request Forgery.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-54300 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Basar Ventures AutoWP autowp-ai-content-writer-rewriter allows Cross Site Request Forgery.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-33995 MEDIUM This Month

Missing Authorization vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.8.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-27456 MEDIUM This Month

Missing Authorization vulnerability in hashthemes Total total allows Exploiting Incorrectly Configured Access Control Security Levels.1.19. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-38514 MEDIUM This Month

Missing Authorization vulnerability in Inisev Social Share Icons & Social Share Buttons ultimate-social-media-plus allows Exploiting Incorrectly Configured Access Control Security Levels.5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-12414 MEDIUM PATCH This Month

The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Store Locator
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-11911 MEDIUM PATCH This Month

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Crowdfunding
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-11275 MEDIUM This Month

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-12300 LOW Monitor

The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to,. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress PHP File Upload
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2023-41695 LOW Monitor

Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2022-45819 LOW Monitor

Missing Authorization vulnerability in Daniel Iser Popup Maker popup-maker allows Exploiting Incorrectly Configured Access Control Security Levels.17.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.2%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy