| 2024-11-22 | CVE-2024-11355 | The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. | 4.3 |
| 2024-11-22 | CVE-2024-11601 | The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. | 8.1 |
| 2024-11-21 | CVE-2024-10528 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. | 4.3 |
| 2024-11-21 | CVE-2024-10532 | The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. | 4.3 |
| 2024-11-21 | CVE-2024-11334 | Missing Authorization vulnerability in Nes360 MY Contador Lesr
The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. | 5.3 |
| 2024-11-21 | CVE-2024-11354 | Missing Authorization vulnerability in Codelizar Ultimate Youtube Video & Shorts Player With Vimeo
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. | 4.3 |
| 2024-11-20 | CVE-2018-9477 | Missing Authorization vulnerability in Google Android 8.0/8.1
In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. | 7.8 |
| 2024-11-20 | CVE-2018-9469 | Missing Authorization vulnerability in Google Android
In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. | 7.8 |
| 2024-11-20 | CVE-2024-10665 | The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. | 5.4 |
| 2024-11-20 | CVE-2024-10900 | Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. | 8.1 |