Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48246 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1.
|
|||||
| CVE-2025-48346 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Etsy360 Embed and Integrate Etsy Shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.4.
|
|||||
| CVE-2025-48260 | 2025-05-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3.
|
|||||
| CVE-2025-39454 | 2025-05-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0.
|
|||||
| CVE-2025-39373 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in jegtheme JNews.This issue affects JNews: from n/a through 11.6.5.
|
|||||
| CVE-2025-39376 | 2025-05-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress.This issue affects Car Park Booking System for WordPress: from n/a through 2.6.
|
|||||
| CVE-2025-39447 | 2025-05-21 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through 2.7.4.1.
|
|||||
| CVE-2025-39398 | 2025-05-21 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2.
|
|||||
| CVE-2025-39350 | 2025-05-21 | N/A | 8.2 HIGH | ||
|
Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.
|
|||||
| CVE-2025-39460 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4.
|
|||||
| CVE-2025-39451 | 2025-05-21 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Crocoblock JetBlocks For Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlocks For Elementor: from n/a through 1.3.16.
|
|||||
| CVE-2025-39368 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in ed4becky Rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rootspersona: from n/a through 3.7.5.
|
|||||
| CVE-2025-43838 | 2025-05-21 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through 1.0.1.
|
|||||
| CVE-2025-39449 | 2025-05-21 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Crocoblock JetWooBuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through 2.1.18.
|
|||||
| CVE-2025-39388 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.
|
|||||
| CVE-2025-22287 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11.
|
|||||
| CVE-2025-26920 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in PressMaximum Customify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through 0.4.8.
|
|||||
| CVE-2025-26867 | 2025-05-21 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.
|
|||||
| CVE-2025-4105 | 2025-05-21 | N/A | 5.4 MEDIUM | ||
|
The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa.
|
|||||
| CVE-2022-2405 | 1 Themehunk | 1 Wp Popup Builder | 2025-05-21 | N/A | 4.3 MEDIUM |
|
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
|
|||||
| CVE-2021-24890 | 1 Dplugins | 1 Scripts Organizer | 2025-05-21 | N/A | 8.8 HIGH |
|
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file
|
|||||
| CVE-2025-3876 | 1 Cozyvision | 1 Sms Alert Order Notifications | 2025-05-21 | N/A | 8.8 HIGH |
|
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.
|
|||||
| CVE-2025-22385 | 1 Optimizely | 1 Configured Commerce | 2025-05-20 | N/A | 5.9 MEDIUM |
|
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.
|
|||||
| CVE-2023-50976 | 1 Redpanda | 1 Redpanda | 2025-05-20 | N/A | 9.8 CRITICAL |
|
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.
|
|||||
| CVE-2022-40316 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | N/A | 4.3 MEDIUM |
|
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
|
|||||
| CVE-2024-5570 | 1 Zitscher | 1 Simple Photoswipe | 2025-05-19 | N/A | 6.5 MEDIUM |
|
The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them
|
|||||
| CVE-2025-31071 | 2025-05-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
|
|||||
| CVE-2025-31066 | 2025-05-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.
|
|||||
| CVE-2025-47564 | 2025-05-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9.
|
|||||
| CVE-2025-31065 | 2025-05-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.
|
|||||
| CVE-2025-47556 | 2025-05-19 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.5.
|
|||||
| CVE-2025-31063 | 2025-05-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.
|
|||||
| CVE-2025-47563 | 2025-05-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7.
|
|||||
| CVE-2025-47534 | 2025-05-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.
|
|||||
| CVE-2025-31630 | 2025-05-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
|
|||||
| CVE-2025-48079 | 2025-05-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from n/a through 5.9.5.1.
|
|||||
| CVE-2025-32296 | 2025-05-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in quantumcloud Simple Link Directory Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Link Directory Pro: from n/a through 14.7.3.
|
|||||
| CVE-2025-39511 | 2025-05-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2.
|
|||||
| CVE-2025-31923 | 2025-05-19 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.
|
|||||
| CVE-2025-32295 | 2025-05-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in wordpresschef Salon Booking Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon Booking Pro: from n/a through 10.10.2.
|
|||||