Search Results (8626 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-32804 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.
CVE-2024-42371 2026-04-15 5.4 Medium
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.
CVE-2024-45284 2026-04-15 2.4 Low
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application.
CVE-2024-45285 2026-04-15 5.4 Medium
The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.
CVE-2024-43235 2026-04-15 7.1 High
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10.
CVE-2024-43154 2 Bracketspace, Wordpress 2 Advanced Cron Manager, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9.
CVE-2024-6175 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like save_fields_settings, bup_delete_user_avatar, bup_crop_avatar_user_profile_image, and more in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete. multiple plugin options and data such as payments, pricing, booking information, business hours, calendars, profile information, and email templates.
CVE-2023-29174 2026-04-15 6.5 Medium
Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0.
CVE-2024-3821 2026-04-15 7.3 High
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to manipulate data tables. Please note this only affects the premium version of the plugin.
CVE-2023-48683 1 Acronis 1 Cyber Protect Cloud Agent 2026-04-15 N/A
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
CVE-2025-54745 2 Miniorange, Wordpress 2 Google Authenticator, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1.
CVE-2024-6579 2026-04-15 4.3 Medium
The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change some of the plugin settings.
CVE-2024-34803 1 Fastly 1 Fastly 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
CVE-2024-43247 1 Creativeon 1 Whmpress 2026-04-15 8.8 High
Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.
CVE-2024-34820 2026-04-15 6.5 Medium
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.
CVE-2022-45070 2026-04-15 5.3 Medium
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.
CVE-2024-13468 1 Wordpress 1 Wordpress 2026-04-15 7.5 High
The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages.
CVE-2025-27428 2026-04-15 7.7 High
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.
CVE-2024-4138 1 Sap 1 S/4 Hana 2026-04-15 4.3 Medium
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
CVE-2024-37232 1 Toddnestor 1 Hercules Core 2026-04-15 8.8 High
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.