Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32201 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.8.3.
|
|||||
| CVE-2025-32235 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.9.4.
|
|||||
| CVE-2025-31381 | | | 2025-04-07 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
|
|||||
| CVE-2025-32219 | | | 2025-04-07 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19.
|
|||||
| CVE-2025-32229 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Bowo Variable Inspector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Variable Inspector: from n/a through 2.6.3.
|
|||||
| CVE-2025-32178 | | | 2025-04-07 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.18.0.
|
|||||
| CVE-2025-32256 | | | 2025-04-07 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20.
|
|||||
| CVE-2025-32239 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Joao Romao Social Share Buttons & Analytics Plugin – GetSocial.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Share Buttons & Analytics Plugin – GetSocial.io: from n/a through 4.5.
|
|||||
| CVE-2025-32233 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a through 2.0.3.
|
|||||
| CVE-2025-32225 | | | 2025-04-07 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in WP Event Manager WP Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Event Manager: from n/a through 3.1.47.
|
|||||
| CVE-2025-32231 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Bookingor Bookingor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bookingor: from n/a through 1.0.6.
|
|||||
| CVE-2025-32232 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6.
|
|||||
| CVE-2025-32258 | | | 2025-04-07 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Website Logo: from n/a through 1.1.
|
|||||
| CVE-2025-32252 | | | 2025-04-07 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in blackandwhitedigital WP Genealogy – Your Family History Website allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Genealogy – Your Family History Website: from n/a through 0.1.9.
|
|||||
| CVE-2025-32226 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Anzar Ahmed Display product variations dropdown on shop page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display product variations dropdown on shop page: from n/a through 1.1.3.
|
|||||
| CVE-2025-32234 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in aleswebs AdMail – Multilingual Back in-Stock Notifier for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AdMail – Multilingual Back in-Stock Notifier for WooCommerce: from n/a through 1.7.0.
|
|||||
| CVE-2025-1233 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site.
|
|||||
| CVE-2025-2933 | | | 2025-04-07 | N/A | 8.8 HIGH |
|
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable ...
|
|||||
| CVE-2025-32277 | | | 2025-04-07 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211.
|
|||||
| CVE-2024-0893 | 1 Schemaapp | 1 Schema App Structured Data | 2025-04-04 | N/A | 4.3 MEDIUM |
|
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.
|
|||||
| CVE-2020-22007 | 1 Okerthai | 2 G955v1, G955v1 Firmware | 2025-04-04 | N/A | 6.8 MEDIUM |
|
OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.
|
|||||
| CVE-2024-1376 | 1 Avecnous | 1 Event Post | 2025-04-04 | N/A | 4.3 MEDIUM |
|
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data.
|
|||||
| CVE-2024-38748 | 1 Theinnovs | 1 Eleforms | 2025-04-04 | N/A | 5.3 MEDIUM |
|
Access Control vulnerability in TheInnovs EleForms allows .
This issue affects EleForms: from n/a through 2.9.9.9.
|
|||||
| CVE-2024-43142 | 1 Themeum | 1 Tutor Lms | 2025-04-04 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through 2.7.3.
|
|||||
| CVE-2024-43136 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2025-04-04 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.1.
|
|||||
| CVE-2022-44626 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2025-04-04 | N/A | 6.3 MEDIUM |
|
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.
|
|||||
| CVE-2024-4858 | 1 Uapp | 1 Testimonial Carousel For Elementor | 2025-04-04 | N/A | 5.3 MEDIUM |
|
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.
|
|||||
| CVE-2025-24654 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2025-04-04 | N/A | 7.1 HIGH |
|
Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05.
|
|||||
| CVE-2023-0242 | 1 Rapid7 | 1 Velociraptor | 2025-04-03 | N/A | 8.8 HIGH |
|
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server.
The VQL copy() function applies permission checks for reading files but does not check for permission to write files. This allows a low privilege user (usually, users with the Velociraptor "investigator" ...
|
|||||
| CVE-2022-41417 | 1 Blogengine | 1 Blogengine.net | 2025-04-03 | N/A | 9.8 CRITICAL |
|
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
|
|||||
| CVE-2024-12955 | 1 Phpgurukul | 1 Blood Bank & Donor Management System | 2025-04-03 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-1843 | 1 Flamescorpion | 1 Auto Affiliate Links | 2025-04-03 | N/A | 4.3 MEDIUM |
|
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.
|
|||||
| CVE-2024-1862 | 1 Renventura | 1 Woocommerce Add To Cart Custom Redirect | 2025-04-03 | N/A | 8.1 HIGH |
|
The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'.
|
|||||
| CVE-2005-3623 | 1 Linux | 1 Linux Kernel | 2025-04-03 | 5.0 MEDIUM | N/A |
|
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems.
|
|||||
| CVE-2006-4483 | 1 Php | 1 Php | 2025-04-03 | 9.3 HIGH | N/A |
|
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
|
|||||
| CVE-2023-35040 | 1 Pressified | 1 Sendpress | 2025-04-03 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in SendPress SendPress Newsletters. This issue affects SendPress Newsletters: from n/a through 1.23.11.6.
|
|||||
| CVE-2024-32778 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-03 | N/A | 8.5 HIGH |
|
Missing Authorization vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4.
|
|||||
| CVE-2023-24431 | 1 Jenkins | 1 Orka By Macstadium | 2025-04-02 | N/A | 4.3 MEDIUM |
|
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
|||||
| CVE-2023-20916 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
|
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-229256049
|
|||||
| CVE-2023-20912 | 1 Google | 1 Android | 2025-04-02 | N/A | 7.8 HIGH |
|
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246301995
|
|||||