Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32593 | 2025-04-17 | N/A | 8.2 HIGH | ||
|
Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Add Product Frontend for WooCommerce: from n/a through 1.0.6.
|
|||||
| CVE-2025-39554 | 2025-04-17 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.
|
|||||
| CVE-2025-39456 | 2025-04-17 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in iTRON WP Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logger: from n/a through 2.2.
|
|||||
| CVE-2023-47458 | 1 Bladex | 1 Springblade | 2025-04-17 | N/A | 9.8 CRITICAL |
|
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
|
|||||
| CVE-2023-6383 | 1 Bowo | 1 Debug Log Manager | 2025-04-17 | N/A | 7.5 HIGH |
|
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data
|
|||||
| CVE-2022-26423 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
|
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
|
|||||
| CVE-2022-1070 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
|
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
|
|||||
| CVE-2022-1066 | 1 Aethon | 1 Tug Home Base Server | 2025-04-17 | N/A | 8.2 HIGH |
|
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
|
|||||
| CVE-2022-4024 | 1 Genetechsolutions | 1 Pie Register | 2025-04-17 | N/A | 6.5 MEDIUM |
|
The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users (along with their posts)
|
|||||
| CVE-2022-3961 | 1 Wpwax | 1 Directorist | 2025-04-17 | N/A | 6.5 MEDIUM |
|
The Directorist WordPress plugin before 7.4.4 does not prevent users with low privileges (like subscribers) from accessing sensitive system information.
|
|||||
| CVE-2023-22697 | 1 Ays-pro | 1 Survey Maker | 2025-04-17 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0.
|
|||||
| CVE-2025-39513 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through 0.2.46.
|
|||||
| CVE-2025-26953 | 2025-04-16 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetMenu: from n/a through 2.4.9.
|
|||||
| CVE-2025-39560 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4.
|
|||||
| CVE-2025-39571 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4.
|
|||||
| CVE-2025-39531 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in slazzercom Slazzer Background Changer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slazzer Background Changer: from n/a through 3.14.
|
|||||
| CVE-2025-30960 | 2025-04-16 | N/A | 8.3 HIGH | ||
|
Missing Authorization vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.
|
|||||
| CVE-2025-39591 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3.
|
|||||
| CVE-2025-39522 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Sebastian Lee Dynamic Post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Post: from n/a through 4.10.
|
|||||
| CVE-2025-27008 | 2025-04-16 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a.
|
|||||
| CVE-2025-39552 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.200.
|
|||||
| CVE-2025-39545 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3.
|
|||||
| CVE-2025-39602 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.9.5.
|
|||||
| CVE-2024-30477 | 1 Klarna | 1 Klarna For Woocommerce | 2025-04-15 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.
|
|||||
| CVE-2024-53825 | 1 Ninjateam | 1 Filebird | 2025-04-15 | N/A | 4.7 MEDIUM |
|
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2.
|
|||||
| CVE-2023-25966 | 1 Ninjateam | 1 Filebird | 2025-04-15 | N/A | 5.5 MEDIUM |
|
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4.
|
|||||
| CVE-2025-26944 | 2025-04-15 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in NotFound JetPopup allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetPopup: from n/a through 2.0.11.
|
|||||
| CVE-2025-32929 | 2025-04-15 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.
|
|||||
| CVE-2025-26741 | 2025-04-15 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.1.6.
|
|||||
| CVE-2025-26955 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in VW Themes Industrial Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Industrial Lite: from n/a through 1.0.8.
|
|||||
| CVE-2025-26958 | 2025-04-15 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in NotFound JetBlog allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetBlog: from n/a through 2.4.3.
|
|||||
| CVE-2025-26959 | 2025-04-15 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in Quý Lê 91 Administrator Z allows Privilege Escalation. This issue affects Administrator Z: from n/a through 2025.03.24.
|
|||||
| CVE-2025-26942 | 2025-04-15 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in NotFound JetTricks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetTricks: from n/a through 1.5.1.
|
|||||
| CVE-2024-33667 | 1 Zammad | 1 Zammad | 2025-04-15 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist.
|
|||||
| CVE-2022-45410 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.5 MEDIUM |
|
When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
|
|||||
| CVE-2022-2846 | 1 Dwbooster | 1 Calendar Event Multi View | 2025-04-15 | N/A | 4.3 MEDIUM |
|
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.
|
|||||
| CVE-2022-4223 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-04-14 | N/A | 8.8 HIGH |
|
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appr ...
Show More |
|||||
| CVE-2022-4124 | 1 Popup Manager Project | 1 Popup Manager | 2025-04-14 | N/A | 4.3 MEDIUM |
|
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
|
|||||
| CVE-2024-49697 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2025-04-14 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
|
|||||
| CVE-2024-11916 | 1 Wpextended | 1 Wp Extended | 2025-04-14 | N/A | 7.4 HIGH |
|
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with
|
|||||