Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unauthorized vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-5059
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a up to and including 1.4.0.
NA
CVE-2024-35776
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a up to and including 5.0.
5.3
CVSSv3
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes...
NA
CVE-2023-3352
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resm...
5.3
CVSSv3
CVE-2024-3610
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated malicious users t...
4.3
CVSSv3
CVE-2024-1955
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated atta...
6.5
CVSSv3
CVE-2024-1639
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated...
NA
CVE-2023-25646
There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.
5.4
CVSSv3
CVE-2024-3627
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This m...
4.3
CVSSv3
CVE-2024-3602
The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »