| 2024-11-09 | CVE-2024-10673 | The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. | 8.8 |
| 2024-11-09 | CVE-2024-10674 | The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. | 8.8 |
| 2024-11-09 | CVE-2024-10294 | The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. | 6.5 |
| 2024-11-09 | CVE-2024-10586 | The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. network low complexity CWE-862 critical | 9.8 |
| 2024-11-09 | CVE-2024-10588 | The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. | 4.3 |
| 2024-11-06 | CVE-2024-10535 | Missing Authorization vulnerability in Martinvalchev Video Gallery for Woocommerce
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. | 5.3 |
| 2024-11-06 | CVE-2024-10543 | Missing Authorization vulnerability in Tumult Hype Animations
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. | 4.3 |
| 2024-11-06 | CVE-2024-6626 | Missing Authorization vulnerability in Theinnovs Eleforms
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. | 5.3 |
| 2024-11-05 | CVE-2024-7429 | Missing Authorization vulnerability in Katieseaborn Zotpress
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. | 4.3 |
| 2024-11-01 | CVE-2024-43293 | Missing Authorization vulnerability in Wpzoom Recipe Card Blocks for Gutenberg & Elementor
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1. | 8.8 |