CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 2, 2025

WordPress DoLogin Security Plugin Missing Authorization Vulnerability Allowing Broken Access Control

A missing authorization vulnerability has been identified in the WordPress DoLogin Security plugin, specifically in versions through 3.7.1. This vulnerability allows exploitation of improperly configured access control levels, potentially leading to unauthorized actions by users with lower privileges.

3.0
Jan 2, 2025

WP iCal Availability Missing Authorization Vulnerability

A broken access control vulnerability has been identified in the WP iCal Availability WordPress plugin, affecting versions through 1.0.3. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

3.1
Jan 2, 2025

AtomChat WordPress Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the AtomChat WordPress plugin, specifically in versions through 1.1.4. This vulnerability allows unprivileged users to exploit incorrectly configured access control security levels, potentially leading to unauthorized actions that require higher privileges.

2.6
Jan 2, 2025

WordPress Convertful Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the WordPress Convertful plugin, specifically in versions through 2.5. This vulnerability allows exploitation of improperly configured access control, potentially enabling unauthorized users to perform actions reserved for higher privileges.

2.6
Jan 2, 2025

gVectors wpDiscuz Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the gVectors wpDiscuz WordPress plugin, affecting versions through 7.6.10. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

4.0
Jan 2, 2025

MW WP Form Missing Authorization Vulnerability Allowing Broken Access Control

A missing authorization vulnerability has been identified in the MW WP Form WordPress plugin, specifically in versions through 4.4.5. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized actions by users with lower privileges.

3.0
Jan 2, 2025

JustCoded WordPress Plugin Just Custom Fields Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the Just Custom Fields WordPress plugin, specifically in versions through 3.3.2. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

1.8
Jan 2, 2025

Repuso Social Proof Testimonials and Reviews Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the Repuso Social Proof Testimonials and Reviews WordPress plugin, affecting versions through 4.97. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.

1.8
Jan 2, 2025

CoSchedule Headline Analyzer Missing Authorization Vulnerability Allowing Access Control Exploitation

A missing authorization vulnerability has been identified in the CoSchedule Headline Analyzer WordPress plugin, affecting versions through 1.3.1. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized actions by users with lower privileges.

2.6
Jan 2, 2025

Freesoul Deactivate Plugins Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the Freesoul Deactivate Plugins – Plugin Manager and Cleanup, affecting versions through 2.1.3. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

1.8
Jan 2, 2025

Kali Forms WordPress Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the Kali Forms WordPress plugin, specifically in the Contact Form builder with drag & drop feature, affecting versions through 2.3.27. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

4.0
Jan 2, 2025

Cyberlord92 Broken Link Checker and Finder Missing Authorization Vulnerability

A broken access control vulnerability has been identified in the Cyberlord92 Broken Link Checker | Finder plugin for WordPress, affecting versions through 2.4.2. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.

2.6
Jan 2, 2025

WordPress ApplyOnline Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the WordPress ApplyOnline – Application Form Builder and Manager plugin, affecting versions through 2.5.3. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized actions by users with lower privileges.

1.8
Jan 2, 2025

WP Royal Ashe Extra Missing Authorization Vulnerability Allowing Broken Access Control

A missing authorization vulnerability has been identified in the WP Royal Ashe Extra plugin, specifically in versions through 1.2.9. This vulnerability allows exploitation of improperly configured access control security levels, potentially enabling unprivileged users to perform actions reserved for higher privileges.

1.8
Jan 2, 2025

WordPress DX Delete Attached Media Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the WordPress DX Delete Attached Media plugin, specifically in versions through 2.0.5.1. This vulnerability allows unprivileged users to perform actions that require higher privileges, due to incorrectly configured access control security levels.

1.5
Jan 2, 2025

RumbleTalk Live Group Chat Missing Authorization Vulnerability Allowing Broken Access Control

A broken access control vulnerability has been identified in the RumbleTalk Live Group Chat plugin for WordPress, affecting versions through 6.2.5. This vulnerability arises from missing authorization checks, which allow exploitation of incorrectly configured access control security levels.

1.8
Jan 2, 2025

WordPress Poll Maker Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the WordPress Poll Maker plugin, affecting versions through 4.7.1. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

3.0
Jan 2, 2025

weDevs WP ERP Missing Authorization Vulnerability in Access Control

A broken access control vulnerability has been identified in the weDevs WP ERP plugin, affecting versions through 1.12.6. This vulnerability arises from missing authorization checks, allowing users with lower privileges to perform actions reserved for higher privileged users.

3.8
Jan 2, 2025

gVectors wpDiscuz Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the gVectors wpDiscuz WordPress plugin, affecting versions through 7.6.3. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

3.1
Jan 2, 2025

CodePeople Appointment Hour Booking Missing Authorization Vulnerability Allowing Broken Access Control

A broken access control vulnerability has been identified in the CodePeople Appointment Hour Booking WordPress plugin, affecting versions through 1.4.23. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.

2.6
Jan 2, 2025

WebToffee WordPress Backup and Migration Missing Authorization Vulnerability

A broken access control vulnerability has been identified in the WebToffee WordPress Backup & Migration plugin, affecting versions through 1.4.1. This vulnerability arises from missing authorization checks, which can be exploited by users with lower privileges to perform actions reserved for higher privileged users.

3.1
Jan 2, 2025

WordPress WPDevArt Responsive Image Gallery and Gallery Album Missing Authorization Vulnerability

A missing authorization vulnerability has been identified in the WPDevArt Responsive Image Gallery, Gallery Album plugin for WordPress, affecting versions through 2.0.3. This vulnerability arises from broken access control, allowing unprivileged users to perform actions reserved for higher privileges.

1.8
Jan 2, 2025

Kali Forms WordPress Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the Kali Forms WordPress plugin, specifically in the Contact Form builder with drag-and-drop functionality. This issue affects versions through 2.3.28 and allows unprivileged users to exploit incorrectly configured access control security levels, potentially leading to unauthorized actions.

3.1
Jan 2, 2025

WowStore ProductX Gutenberg WooCommerce Blocks Missing Authorization Vulnerability

A missing authorization vulnerability has been identified in the WowStore ProductX Gutenberg WooCommerce Blocks plugin, affecting versions through 2.7.8. This vulnerability arises from incorrectly configured access control, which can be exploited to perform actions that require higher privileges.

1.8
Jan 2, 2025

BoldThemes Bold Timeline Lite Missing Authorization Vulnerability Allowing Broken Access Control

A missing authorization vulnerability has been identified in the BoldThemes Bold Timeline Lite WordPress plugin, affecting versions through 1.1.9. This vulnerability allows exploitation of improperly configured access control, enabling unprivileged users to perform actions reserved for higher privileges.

1.8
Jan 2, 2025

WPDeveloper BetterLinks Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the WPDeveloper BetterLinks plugin, affecting versions through 1.6.0. This vulnerability allows exploitation of improperly configured access control levels, potentially leading to unauthorized actions by users with lower privileges.

4.0
Jan 2, 2025

CusRev Customer Reviews for WooCommerce Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the CusRev Customer Reviews for WooCommerce plugin, affecting versions through 5.36.0. This vulnerability arises from incorrectly configured access control levels, which can be exploited to perform actions reserved for higher privileged users.

3.1
Jan 2, 2025

AWSM Innovations WP Job Openings Missing Authorization Vulnerability Allowing Broken Access Control

A missing authorization vulnerability has been identified in the AWSM Innovations WP Job Openings plugin, specifically in versions through 3.4.1. This vulnerability allows exploitation of incorrectly configured access control security levels, potentially leading to unauthorized actions by users with lower privileges.

4.0
Jan 2, 2025

WordPress WP Custom Widget Area Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the WordPress WP Custom Widget Area plugin, specifically in versions through 1.2.5. This vulnerability allows unprivileged users to exploit improperly configured access control, potentially leading to unauthorized actions that require higher privileges.

2.2
Jan 2, 2025

weDevs WP User Frontend Missing Authorization Vulnerability Allowing Broken Access Control

A missing authorization vulnerability has been identified in the weDevs WP User Frontend plugin, specifically in versions through 3.6.8. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized actions by users with lower privileges.

3.8
Jan 2, 2025

WordPress WP Custom Admin Interface Missing Authorization Vulnerability Allowing Broken Access Control

A missing authorization vulnerability has been identified in the WordPress WP Custom Admin Interface plugin, affecting versions through 7.32. This vulnerability allows exploitation of improperly configured access control security levels, potentially enabling unprivileged users to perform actions reserved for higher privileges.

2.2
Jan 2, 2025

Schema App Structured Data Plugin Missing Authorization Vulnerability Allowing Exploitation of Access Control Security Levels

A missing authorization vulnerability has been identified in the Schema App Structured Data WordPress plugin, affecting versions through 1.23.1. This vulnerability allows exploitation of incorrectly configured access control security levels, potentially enabling unauthorized users to perform actions reserved for higher privileges.

2.1
Jan 2, 2025

D-Link DIR-816 A2 DHCP Improper Access Control Vulnerability

A critical vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue arises in the DHCPD Setting Handler, within the file '/goform/form2Dhcpd.cgi'. This vulnerability results in improper access controls and can be exploited remotely.

6.4
Jan 2, 2025

D-Link DIR-816 A2 WiFi Settings Improper Access Control Vulnerability

A critical vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue arises in the WiFi Settings Handler, within the file '/goform/form2AdvanceSetup.cgi'. This vulnerability results in improper access controls, enabling unauthorized users to manipulate settings or access restricted features. The vulnerability can be exploited remotely, without any authentication requirements.

6.3
Jan 2, 2025

Azzaroco WP SuperBackup Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Azzaroco WP SuperBackup plugin for WordPress, affecting versions through 2.3.3. This vulnerability arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that could be executed when users visit the affected site.

2.0
Jan 2, 2025

WordPress HTML Forms Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the WordPress HTML Forms plugin, affecting versions through 1.4.1. This issue arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that are executed when users visit the affected site.

2.0
Jan 2, 2025

WordPress SendSMS Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the WordPress SendSMS plugin, affecting versions through 1.2.9. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.

2.0
Jan 2, 2025

WordPress User Referral Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the WordPress User Referral plugin, affecting versions through 8.0. This issue allows attackers to inject malicious scripts that could be executed when users visit the affected site.

2.0
Jan 2, 2025

WordPress odPhotogallery Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the WordPress odPhotogallery plugin, affecting versions through 0.5.3. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.

2.0
Jan 2, 2025

WordPress Upload Scanner Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the WordPress Upload Scanner plugin, affecting versions through 1.2. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.

2.0
Jan 2, 2025

Irshad Services WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Irshad Services WordPress plugin, specifically in the 'Services updates for customers' component, affecting versions through 1.0. This vulnerability arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that could be executed when users visit the affected page.

2.0
Jan 2, 2025

WordPress FAQs Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the WordPress FAQs plugin, affecting versions through 1.0.2. This issue arises from improper neutralization of input during web page generation, enabling the injection of malicious scripts that could be executed when users visit the site.

2.0
Jan 2, 2025

Foliovision FV Descriptions Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Foliovision FV Descriptions WordPress plugin, affecting versions through 1.4. This issue allows attackers to inject malicious scripts that are executed when users visit the affected page.

2.0
Jan 2, 2025

10CentMail WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the 10CentMail WordPress plugin, affecting versions through 2.1.50. This issue allows attackers to inject malicious scripts that are executed when users visit the affected site.

2.0
Jan 2, 2025

Dreamwinner Easy Language Switcher Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Dreamwinner Easy Language Switcher WordPress plugin, affecting versions through 1.0. This issue arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that could be executed when users visit the affected site.

2.0
Jan 2, 2025

Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Lemonade Social Networks Autoposter Pinterest plugin for WordPress, affecting versions through 2.0. This vulnerability arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that could be executed when users visit the affected site.

2.0
Jan 2, 2025

BizSwoop Leads CRM Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the BizSwoop Leads CRM plugin, affecting versions through 2.0.13. This issue arises from improper neutralization of input during web page generation, enabling the injection of malicious scripts that could be executed when users visit the affected site.

2.0
Jan 2, 2025

WordPress Inline Footnotes Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WordPress Inline Footnotes plugin, affecting versions through 2.3.0. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.

1.7
Jan 2, 2025

D-Link DIR-816 A2 Access Control Vulnerability in Virtual Service Handler

A critical access control vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue arises from improper access controls in the Virtual Service Handler component, particularly within the file '/goform/form2AddVrtsrv.cgi'. This vulnerability allows unauthorized users to manipulate the service handler, potentially leading to unauthorized access or actions.

6.4
Jan 2, 2025

D-Link DIR-816 A2 Improper Access Control Vulnerability in DDNS Service

A critical vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue resides within the DDNS service component, particularly in the '/goform/DDNS' file. This vulnerability results in improper access control, enabling unauthorized users to manipulate DDNS settings remotely without authentication.

6.3