Total
508 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51502 | 1 Automattic | 1 Woocommerce Stripe | 2024-01-11 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | ||||
| CVE-2023-50342 | 1 Hcltech | 1 Dryice Myxalytics | 2024-01-09 | 4.3 Medium |
| HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control. | ||||
| CVE-2023-45892 | 1 Floorsightsoftware | 1 Insight | 2024-01-08 | 7.5 High |
| An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | ||||
| CVE-2023-45893 | 1 Floorsightsoftware | 1 Customer Portal | 2024-01-08 | 7.5 High |
| An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | ||||
| CVE-2023-51503 | 1 Automattic | 1 Woopayments | 2024-01-05 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | ||||
| CVE-2023-50267 | 1 Metersphere | 1 Metersphere | 2024-01-04 | 4.3 Medium |
| MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds. | ||||
| CVE-2023-49765 | 1 Blazzdev | 1 Rate My Post | 2023-12-30 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. | ||||
| CVE-2023-47191 | 1 Kainelabs | 1 Youzify | 2023-12-30 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. | ||||
| CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-12-30 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | ||||
| CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2023-12-30 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. | ||||
| CVE-2023-49812 | 1 Wppa | 1 Wp Photo Album Plus | 2023-12-30 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. | ||||
| CVE-2023-6929 | 1 Eurotel | 2 Etl3100, Etl3100 Firmware | 2023-12-29 | 9.8 Critical |
| EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. | ||||
| CVE-2023-46646 | 1 Github | 1 Enterprise Server | 2023-12-29 | 5.3 Medium |
| Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected GitHub Enterprise Server version 3.7.0 and above and was fixed in version 3.17.19, 3.8.12, 3.9.7 3.10.4, and 3.11.0. | ||||
| CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2023-12-29 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | ||||
| CVE-2023-35914 | 1 Automattic | 1 Woocommerce Subscriptions | 2023-12-29 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. | ||||
| CVE-2022-43450 | 1 Xwp | 1 Stream | 2023-12-29 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | ||||
| CVE-2023-36520 | 1 Zackgrossbart | 1 Editorial Calendar | 2023-12-28 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. | ||||
| CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2023-12-28 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | ||||
| CVE-2021-38624 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2023-12-28 | 6.5 Medium |
| Windows Key Storage Provider Security Feature Bypass Vulnerability | ||||
| CVE-2023-46311 | 1 Gvectors | 1 Wpdiscuz | 2023-12-28 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | ||||