| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in Jogesh Responsive Google Map responsive-google-map allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Google Map: from n/a through <= 3.1.5. |
| Missing Authorization vulnerability in CardCom CardCom Payment Gateway woo-cardcom-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CardCom Payment Gateway: from n/a through <= 3.5.0.7. |
| Missing Authorization vulnerability in Detheme DethemeKit For Elementor dethemekit-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DethemeKit For Elementor: from n/a through <= 2.1.10. |
| Due to missing authorization checks, SAP Enable
Now allows an author to escalate privileges to access information which should
otherwise be restricted. On successful exploitation, the attacker can cause
limited impact on confidentiality of the application. |
| Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Huger for Elementor: from n/a through <= 1.1.5. |
| The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role. |
| Missing Authorization vulnerability in VW THEMES Ibtana ibtana-visual-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through <= 1.2.5.3. |
| The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers, with contributor-level access and above, to convert galleries to Envira galleries. |
| Missing Authorization vulnerability in Jeremy Saxey Hide WP Toolbar hide-wp-toolbar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide WP Toolbar: from n/a through <= 2.7. |
| Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49. |
| Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0. |
| Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5. |
| Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a through <= 4.3.2. |
| Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7. |
| Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <= 4.22.6. |
| Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29. |
| Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through <= 1.04. |
| Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon image-hover-effects-addon-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Hover Effects – Elementor Addon: from n/a through <= 1.4.4. |
| The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add_multiple_roles_ui' and 'mrpu_save_multiple_user_roles' functions in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, granted the 'edit_users' capability, to edit any user's role, including promoting users to Administrator and demoting Administrators to lower-privileged roles. |
| Missing Authorization vulnerability in oggix Ongkoskirim.id ongkoskirim-id allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ongkoskirim.id: from n/a through <= 1.0.6. |
