| 2024-11-09 | CVE-2024-10589 | The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. network low complexity CWE-862 critical | 9.8 |
| 2024-11-09 | CVE-2024-10673 | The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. | 8.8 |
| 2024-11-09 | CVE-2024-10674 | The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. | 8.8 |
| 2024-11-09 | CVE-2024-10586 | The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. network low complexity CWE-862 critical | 9.8 |
| 2024-11-09 | CVE-2024-10588 | The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. | 4.3 |
| 2024-11-06 | CVE-2024-10535 | Missing Authorization vulnerability in Martinvalchev Video Gallery for Woocommerce
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. | 5.3 |
| 2024-11-06 | CVE-2024-10543 | Missing Authorization vulnerability in Tumult Hype Animations
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. | 4.3 |
| 2024-11-06 | CVE-2024-6626 | Missing Authorization vulnerability in Theinnovs Eleforms
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. | 5.3 |
| 2024-11-05 | CVE-2024-7429 | Missing Authorization vulnerability in Katieseaborn Zotpress
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. | 4.3 |
| 2024-11-01 | CVE-2024-37204 | Missing Authorization vulnerability in Wp-Property-Hive Propertyhive
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9. | 4.3 |