| 2025-01-07 | CVE-2024-12033 | Missing Authorization vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. | 4.3 |
| 2025-01-07 | CVE-2024-12316 | Missing Authorization vulnerability in Artbees Jupiter X Core
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. | 5.3 |
| 2025-01-07 | CVE-2024-12711 | The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. | 5.3 |
| 2025-01-07 | CVE-2024-56273 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging
Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | 9.8 |
| 2025-01-07 | CVE-2024-12719 | Missing Authorization vulnerability in Iptanus Wordpress File Upload
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. | 4.3 |
| 2025-01-07 | CVE-2024-10866 | The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. | 5.3 |
| 2025-01-07 | CVE-2024-12202 | The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. | 8.8 |
| 2025-01-07 | CVE-2024-11725 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. | 8.8 |
| 2025-01-07 | CVE-2024-12781 | The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. | 4.3 |
| 2025-01-07 | CVE-2024-10536 | The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. | 4.3 |