| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in Supsystic Data Tables Generator by Supsystic.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.31.
|
| Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.
|
| Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4.
|
| Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2. |
| Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2.
|
| Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5. |
| Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32. |
| Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11. |
| Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0. |
| Missing Authorization vulnerability in Avirtum Vision Interactive.This issue affects Vision Interactive: from n/a through 1.7.1. |
|
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application.
|
| SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the confidentiality of the application.
|
| Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through 1.1.2. |
| Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through 3.3. |
| Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n/a through 6.9. |
| Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.
|
| Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5.
|
| Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.
|
| Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file. |
| Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8.
|
