| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings. |
| Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16. |
| The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings. |
| The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings. |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. |
| The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates. |
| Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.
|
|
A device API
endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy
and missing authentication requirement for private IPs, a remote attacker on
the same network as the device could obtain device information by convincing a
victim user to visit an attacker-controlled server and issue a cross-site
request.
This issue affects
My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My
Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126;
ibi Web App: before 4.26.0-6126.
|
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
