| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3. |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload mp4 files to the 'wp-content/uploads/<YYYY>/<MM>/' directory. |
| Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99. |
| The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the RulesAjaxController class in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to update pop-up display settings. |
| The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the
web based building automation server. |
| An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied. |
| The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with subscriber level access and above, to read plugin settings including block visibility, maintenance mode configuration, and third-party email marketing API keys, as well as read sensitive configuration data including API keys for email marketing services. |
| Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61. |
| Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data.This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin: from n/a through 2.2.0. |
| Missing Authorization vulnerability in Torod Company for Information Technology Torod torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through <= 1.7. |
| Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through <= 3.5.6. |
| Missing Authorization vulnerability in Eric Sloan Popup Surveys & Polls for WordPress (Mare.io) popup-surveys allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through <= 1.36. |
| Missing Authorization vulnerability in ksher thailand Ksher ksher-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through <= 1.1.1. |
| Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1. |
| Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.6.1. |
| Missing Authorization vulnerability in WP Royal Ashe Extra ashe-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through <= 1.2.92. |
| Missing Authorization vulnerability in Juni Hestia Nginx Cache hestia-nginx-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through <= 2.4.0. |
| Missing Authorization vulnerability in supsystic Data Tables Generator by Supsystic data-tables-generator-by-supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through <= 1.10.36. |
| Missing Authorization vulnerability in Stiofan AyeCode Connect ayecode-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AyeCode Connect: from n/a through <= 1.3.8. |
| Missing Authorization vulnerability in SecureSubmit WP SecureSubmit securesubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through <= 1.5.20. |
