2024-10-16 | CVE-2020-36833 | The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. | 6.3 |
2024-10-16 | CVE-2020-36834 | The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. | 6.3 |
2024-10-16 | CVE-2020-36837 | The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. (network, low complexity, CWE-862, critical) | 9.9 |
2024-10-16 | CVE-2021-4445 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. | 6.5 |
2024-10-16 | CVE-2021-4446 | Missing Authorization vulnerability in Wpdeveloper Essential Addons for Elementor. The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 4.6.4 due to missing capability checks and nonce disclosure. | 4.3 |
2024-10-16 | CVE-2021-4448 | Missing Authorization vulnerability in Kaswara Project Kaswara 3.0.1. The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. | 9.8 |
2024-10-16 | CVE-2022-4972 | Missing Authorization vulnerability in Wpchill Download Monitor. The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. | 7.5 |
2024-10-16 | CVE-2022-4974 | The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and _set_db_option functions in versions up to, and including, 2.4.2. | 6.3 |
2024-10-16 | CVE-2023-7287 | Missing Authorization vulnerability in Paytium. The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. | 5.4 |
2024-10-16 | CVE-2023-7288 | Missing Authorization vulnerability in Paytium. The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. | 4.3 |