Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22481 | 2026-01-27 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.
|
|||||
| CVE-2025-69190 | 2026-01-27 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.
|
|||||
| CVE-2025-68896 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.
|
|||||
| CVE-2025-68882 | 2026-01-27 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.3.
|
|||||
| CVE-2025-68558 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.
|
|||||
| CVE-2025-69184 | 2026-01-27 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.
|
|||||
| CVE-2025-60116 | 1 Themegoods | 1 Grand Conference | 2026-01-27 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3.
|
|||||
| CVE-2026-1142 | 1 Phpgurukul | 1 News Portal | 2026-01-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-22348 | 2026-01-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.
|
|||||
| CVE-2025-69315 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.
|
|||||
| CVE-2025-69313 | 2026-01-27 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.
|
|||||
| CVE-2025-69311 | 2026-01-27 | N/A | 7.6 HIGH | ||
|
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.
|
|||||
| CVE-2026-24539 | 2026-01-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68.
|
|||||
| CVE-2026-22450 | 2026-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3.
|
|||||
| CVE-2025-69300 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.
|
|||||
| CVE-2025-69188 | 2026-01-27 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.
|
|||||
| CVE-2025-69187 | 2026-01-27 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.
|
|||||
| CVE-2025-69186 | 2026-01-27 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
|
|||||
| CVE-2025-69185 | 2026-01-27 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
|
|||||
| CVE-2026-24544 | 2026-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.
|
|||||
| CVE-2026-24543 | 2026-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.
|
|||||
| CVE-2026-24541 | 2026-01-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.
|
|||||
| CVE-2026-24540 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.5.
|
|||||
| CVE-2025-69181 | 2026-01-27 | N/A | 7.3 HIGH | ||
|
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.
|
|||||
| CVE-2025-69095 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.
|
|||||
| CVE-2025-69052 | 2026-01-27 | N/A | 9.8 CRITICAL | ||
|
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for WooCommerce: from n/a through <= 1.3.1.
|
|||||
| CVE-2025-66140 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
|
|||||
| CVE-2025-14971 | 2026-01-27 | N/A | 5.3 MEDIUM | ||
|
The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration.
|
|||||
| CVE-2026-23683 | 2026-01-27 | N/A | 4.3 MEDIUM | ||
|
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted.
|
|||||
| CVE-2026-24534 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7.
|
|||||
| CVE-2026-24524 | 2026-01-26 | N/A | 8.1 HIGH | ||
|
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.2.
|
|||||
| CVE-2025-66138 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.
|
|||||
| CVE-2025-66137 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.
|
|||||
| CVE-2025-66136 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.
|
|||||
| CVE-2025-66135 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4.
|
|||||
| CVE-2025-63018 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229.
|
|||||
| CVE-2025-62754 | 2026-01-26 | N/A | 9.1 CRITICAL | ||
|
Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0.
|
|||||
| CVE-2025-62106 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.
|
|||||
| CVE-2025-5805 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2.
|
|||||
| CVE-2025-54002 | 2026-01-26 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4.
|
|||||