Analysis Summary

CVE-2024-38726 CVSS:7.5

Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.

CVE-2024-38744 CVSS:8.3

Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.

CVE-2024-39650 CVSS:7.3

Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.

CVE-2024-39664 CVSS:7.3

Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.

CVE-2024-43158 CVSS:7.5

Missing Authorization vulnerability in Masteriyo Masteriyo - LMS allows Accessing Functionality Not Properly Constrained by ACLs.

CVE-2024-43212 CVSS:7.5

Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.

CVE-2024-43235 CVSS:7.1

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.

CVE-2024-43982 CVSS:8.8

Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.

CVE-2024-37094 CVSS:8.2

Access Control vulnerability in StylemixThemes MasterStudy LMS allows.

Impact

• Cross-Site Scripting
• Gain Access

Indicators of Compromise

CVE

• CVE-2024-38726
• CVE-2024-38744
• CVE-2024-39650
• CVE-2024-39664
• CVE-2024-43158
• CVE-2024-43212
• CVE-2024-43235
• CVE-2024-43982
• CVE-2024-37094

Affected Vendors

Remediation

Upgrade to the latest version of Plugin, available from the WordPress Plugin Directory.

CVE-2024-38726

CVE-2024-38744

CVE-2024-39650

CVE-2024-39664

CVE-2024-43158

CVE-2024-43212

CVE-2024-43235

CVE-2024-43982

CVE-2024-37094