Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.2.7.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Hossni Mubarak Cool Author Box allows Exploiting Incorrectly Configured Access Control Security Levels.9.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels.2.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product allows Exploiting Incorrectly Configured Access Control Security Levels.2.15. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.0.29. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in alexvtn Chatbox Manager allows Accessing Functionality Not Properly Constrained by ACLs.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The affected versions of PowerCMS allow HTTP header injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.6.29. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Server-Side Request Forgery (SSRF) vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Server Side Request Forgery.1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability was found in Kentico CMS up to 13.0.178. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form - Contact Form Plugin allows Phishing.18.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations allows Phishing.4.10. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing.5.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing.5.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce allows Phishing.7.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In the Linux kernel, the following vulnerability has been resolved: mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 ("mm/madvise: add file and shmem support to. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. Rated medium severity (CVSS 4.7).
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do. Rated medium severity (CVSS 4.7).
Server-Side Request Forgery (SSRF) vulnerability in XpeedStudio Metform allows Server Side Request Forgery.9.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
Pitchfork is a preforking HTTP server for Rack applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels.io: from n/a through 7.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels.79.262. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in richplugins Trust.Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.Reviews: from n/a through 2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Tickera Tickera allows Exploiting Incorrectly Configured Access Control Security Levels.5.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Greg Ross Just Writing Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authorization Bypass Through User-Controlled Key vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels.4.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A code execution vulnerability exists in the Xiaomi shop applicationproduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in powerfulwp Gift Message for WooCommerce allows Cross Site Request Forgery.7.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce allows Cross Site Request Forgery.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Prakash Product Author for WooCommerce allows Cross Site Request Forgery.0.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite allows Cross Site Request Forgery.1.3.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms allows Cross Site Request Forgery.0.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi reCAPTCHA for all allows Cross Site Request Forgery.22. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in theme funda Custom Field For WP Job Manager allows Cross Site Request Forgery.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Saso Serial Codes Generator and Validator with WooCommerce Support allows Cross Site Request Forgery.7.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in pixolette Christmas Panda allows Cross Site Request Forgery.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Soft8Soft LLC Verge3D allows Cross Site Request Forgery.8.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize allows Cross Site Request Forgery.8.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo allows Cross Site Request Forgery.1.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification allows Cross Site Request Forgery.0.2.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery.1.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible Cookies allows Cross Site Request Forgery.1.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.