| 2024-10-26 | CVE-2024-10402 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. | 7.5 |
| 2024-10-26 | CVE-2024-10092 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. | 4.3 |
| 2024-10-25 | CVE-2024-9584 | Missing Authorization vulnerability in Webcraftplugins Image MAP PRO
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. | 5.4 |
| 2024-10-25 | CVE-2024-9628 | The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::check?onnection' function in versions up to, and including, 4.5.4. | 6.3 |
| 2024-10-25 | CVE-2024-9630 | The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. | 5.4 |
| 2024-10-25 | CVE-2024-9109 | Missing Authorization vulnerability in Octolize Woocommerce UPS Shipping
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. | 4.3 |
| 2024-10-25 | CVE-2024-9686 | Missing Authorization vulnerability in Choplugins Order Notification for Telegram
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. | 5.3 |
| 2024-10-24 | CVE-2024-49357 | Missing Authorization vulnerability in Zimaspace Zimaos
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. | 7.5 |
| 2024-10-24 | CVE-2024-48932 | Missing Authorization vulnerability in Zimaspace Zimaos
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. | 5.3 |
| 2024-10-24 | CVE-2024-8667 | The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. | 4.3 |