Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48337 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
|
|||||
| CVE-2025-24762 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.
|
|||||
| CVE-2025-30957 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2.
|
|||||
| CVE-2025-30978 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through 2.0.7.
|
|||||
| CVE-2025-29010 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.
|
|||||
| CVE-2025-29013 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9.
|
|||||
| CVE-2025-28995 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.
|
|||||
| CVE-2025-49287 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8.
|
|||||
| CVE-2025-30927 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from n/a through 1.7.0.
|
|||||
| CVE-2025-49320 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11.
|
|||||
| CVE-2025-49272 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in sergiotrinity Trinity Audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trinity Audio: from n/a through 5.20.0.
|
|||||
| CVE-2025-49293 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.
|
|||||
| CVE-2023-25997 | 2025-06-06 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
|
|||||
| CVE-2023-26002 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.
|
|||||
| CVE-2025-49248 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in cmoreira Team Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Showcase: from n/a through n/a.
|
|||||
| CVE-2025-30636 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Ability, Inc Accessibility Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through 4.19.
|
|||||
| CVE-2025-49246 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in cmoreira Testimonials Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonials Showcase: from n/a through 1.9.16.
|
|||||
| CVE-2025-49288 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5.
|
|||||
| CVE-2025-30958 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects onOffice for WP-Websites: from n/a through 5.7.
|
|||||
| CVE-2025-30624 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4.
|
|||||
| CVE-2025-49324 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
|
|||||
| CVE-2025-28996 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.
|
|||||
| CVE-2025-30934 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16.
|
|||||
| CVE-2025-29006 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Direct Checkout for WooCommerce Lite: from n/a through 1.0.3.
|
|||||
| CVE-2025-48335 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.
|
|||||
| CVE-2025-24776 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
|
|||||
| CVE-2025-30932 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WP Compress WP Compress for MainWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Compress for MainWP: from n/a through 6.30.32.
|
|||||
| CVE-2025-49268 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4.
|
|||||
| CVE-2025-49241 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1.
|
|||||
| CVE-2025-49270 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2.
|
|||||
| CVE-2023-41802 | 1 Heateor | 1 Super Socializer | 2025-06-05 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54.
|
|||||
| CVE-2023-41695 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | N/A | 3.5 LOW |
|
Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0.
|
|||||
| CVE-2022-46795 | 1 Tychesoftwares | 1 Print Invoice \& Delivery Notes For Woocommerce | 2025-06-05 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2.
|
|||||
| CVE-2022-45830 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.
|
|||||
| CVE-2024-1584 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | N/A | 5.3 MEDIUM |
|
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID.
|
|||||
| CVE-2024-1809 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | N/A | 5.4 MEDIUM |
|
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.
|
|||||
| CVE-2025-5701 | 2025-06-05 | N/A | 9.8 CRITICAL | ||
|
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user ...
Show More |
|||||
| CVE-2025-46258 | 2025-06-05 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
|
|||||
| CVE-2024-10802 | 1 Hashthemes | 1 Hash Elements | 2025-06-05 | N/A | 5.3 MEDIUM |
|
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.
|
|||||
| CVE-2024-9531 | 1 Multivendorx | 1 Multivendorx | 2025-06-05 | N/A | 4.3 MEDIUM |
|
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send a canned email to the site's administrator asking to delete the profile of an arbitrary vendor.
|
|||||