2024-11-13 | CVE-2024-10853 | Missing Authorization vulnerability in Zixn BUY ONE Click Woocommerce The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. | 4.3 |
2024-11-13 | CVE-2024-10854 | Missing Authorization vulnerability in Zixn BUY ONE Click Woocommerce The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. | 4.3 |
2024-11-09 | CVE-2024-10589 | The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. network low complexity CWE-862 critical | 9.8 |
2024-11-09 | CVE-2024-10673 | The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. | 8.8 |
2024-11-09 | CVE-2024-10674 | The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. | 8.8 |
2024-11-09 | CVE-2024-10294 | The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. | 6.5 |
2024-11-09 | CVE-2024-10586 | The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. network low complexity CWE-862 critical | 9.8 |
2024-11-09 | CVE-2024-10588 | The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. | 4.3 |
2024-11-06 | CVE-2024-10535 | Missing Authorization vulnerability in Martinvalchev Video Gallery for Woocommerce The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. | 5.3 |
2024-11-06 | CVE-2024-10543 | Missing Authorization vulnerability in Tumult Hype Animations The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. | 4.3 |