| 2024-10-30 | CVE-2024-10399 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. | 4.3 |
| 2024-10-29 | CVE-2024-50455 | Missing Authorization vulnerability in Seopress 6.9
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | 8.8 |
| 2024-10-29 | CVE-2024-50456 | Missing Authorization vulnerability in Seopress 6.9
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | 8.8 |
| 2024-10-29 | CVE-2024-50459 | Missing Authorization vulnerability in Hmplugin Aidwp
Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. | 9.8 |
| 2024-10-29 | CVE-2024-10437 | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. | 4.3 |
| 2024-10-29 | CVE-2024-10008 | The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. | 8.8 |
| 2024-10-28 | CVE-2024-50573 | Missing Authorization vulnerability in Jetbrains HUB
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | 5.4 |
| 2024-10-26 | CVE-2024-10402 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. | 7.5 |
| 2024-10-26 | CVE-2024-10092 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. | 4.3 |
| 2024-10-25 | CVE-2024-9584 | Missing Authorization vulnerability in Webcraftplugins Image MAP PRO
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. | 5.4 |