| 2025-01-07 | CVE-2024-56273 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging
Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | 9.8 |
| 2025-01-07 | CVE-2024-12719 | Missing Authorization vulnerability in Iptanus Wordpress File Upload
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. | 4.3 |
| 2025-01-07 | CVE-2024-10866 | The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. | 5.3 |
| 2025-01-07 | CVE-2024-12202 | The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. | 8.8 |
| 2025-01-07 | CVE-2024-11725 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. | 8.8 |
| 2025-01-07 | CVE-2024-12781 | The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. | 4.3 |
| 2025-01-07 | CVE-2024-10536 | The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. | 4.3 |
| 2025-01-07 | CVE-2024-12535 | The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. | 8.6 |
| 2025-01-07 | CVE-2024-9697 | Missing Authorization vulnerability in Wpsocialrocket Social Rocket
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. | 5.3 |
| 2025-01-07 | CVE-2024-10527 | The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. | 3.1 |