2024-11-09 | CVE-2024-10693 | The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. | 4.3 |
2024-11-09 | CVE-2024-9262 | The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. | 6.5 |
2024-10-29 | CVE-2024-10452 | Authorization Bypass Through User-Controlled Key vulnerability in Grafana 10.4.0: Organization admins can delete pending invites created in an organization they are not part of. | 2.7 |
2024-10-29 | CVE-2024-7473 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2: An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. | 6.5 |
2024-10-28 | CVE-2024-50483 | Authorization Bypass Through User-Controlled Key vulnerability in Tareqhasan Meetup: Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1. | 9.8 |
2024-10-28 | CVE-2024-10439 | Authorization Bypass Through User-Controlled Key vulnerability in Sun.Net Ehdr Ctms: The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. | 7.5 |
2024-10-26 | CVE-2024-9637 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. | 8.8 |
2024-10-18 | CVE-2024-10121 | Authorization Bypass Through User-Controlled Key vulnerability in Riskengine Radar: A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. | 9.8 |
2024-10-17 | CVE-2024-9215 | The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key. | 8.8 |
2024-10-17 | CVE-2024-9862 | Authorization Bypass Through User-Controlled Key vulnerability in Miniorange OTP Verification With Firebase: The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. | 9.8 |