Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30821 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14.
|
|||||
| CVE-2025-22673 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through 5.3.5.
|
|||||
| CVE-2025-30874 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through 0.5.3.
|
|||||
| CVE-2025-22670 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.7.2.
|
|||||
| CVE-2025-30877 | 2025-03-27 | N/A | 2.7 LOW | ||
|
Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8.
|
|||||
| CVE-2025-30851 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Tickera Tickera allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through 3.5.5.2.
|
|||||
| CVE-2025-30887 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.2.9.
|
|||||
| CVE-2025-30909 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3.
|
|||||
| CVE-2025-22671 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Leap13 Disable Elementor Editor Translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Disable Elementor Editor Translation: from n/a through 1.0.2.
|
|||||
| CVE-2025-30828 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.
|
|||||
| CVE-2025-22668 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2.
|
|||||
| CVE-2025-22647 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2.
|
|||||
| CVE-2025-30861 | 2025-03-27 | N/A | 4.9 MEDIUM | ||
|
Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.6.29.
|
|||||
| CVE-2025-30864 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through 1.2.2.
|
|||||
| CVE-2025-30894 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.79.262.
|
|||||
| CVE-2025-22665 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4.
|
|||||
| CVE-2025-30809 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4.
|
|||||
| CVE-2025-22770 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6.
|
|||||
| CVE-2025-30817 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in wpzita Z Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Z Companion: from n/a through 1.0.13.
|
|||||
| CVE-2025-30866 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Terms & Conditions Per Product: from n/a through 1.2.15.
|
|||||
| CVE-2025-30824 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Israpil Textmetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through 3.6.1.
|
|||||
| CVE-2025-22667 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2.
|
|||||
| CVE-2025-30839 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.2.1.
|
|||||
| CVE-2025-22629 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in iNET iNET Webkit allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iNET Webkit: from n/a through 1.2.2.
|
|||||
| CVE-2025-30592 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer: from n/a through 1.6.
|
|||||
| CVE-2025-30581 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in PluginOps Top Bar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Top Bar: from n/a through 3.3.
|
|||||
| CVE-2025-30543 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in swayam.tejwani Menu Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Menu Duplicator: from n/a through 1.0.
|
|||||
| CVE-2025-30605 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in ldwin79 sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects sourceplay-navermap: from n/a through 0.0.2.
|
|||||
| CVE-2025-30591 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in tuyennv Music Press Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Press Pro: from n/a through 1.4.6.
|
|||||
| CVE-2023-6821 | 1 Bestwebsoft | 1 Error Log Viewer | 2025-03-27 | N/A | 6.5 MEDIUM |
|
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization
|
|||||
| CVE-2025-1507 | 1 Sharethis | 1 Dashboard For Google Analytics | 2025-03-27 | N/A | 5.3 MEDIUM |
|
The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.
|
|||||
| CVE-2024-12810 | 1 Chimpgroup | 1 Jobcareer | 2025-03-27 | N/A | 8.8 HIGH |
|
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.
|
|||||
| CVE-2024-13737 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2025-03-27 | N/A | 4.3 MEDIUM |
|
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts or create listing templates. This issue requires Elementor plugin to be installed, which is a required plugin for M ...
Show More |
|||||
| CVE-2025-1408 | 1 Metagauss | 1 Profilegrid | 2025-03-27 | N/A | 4.3 MEDIUM |
|
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to approve or decline join group requests which is normally should be available to administrators only.
|
|||||
| CVE-2022-47450 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-47333 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-47332 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-47330 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
|
|||||
| CVE-2022-44421 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In wlan driver, there is a possible missing permission check. This could lead to local In wlan driver, information disclosure.
|
|||||
| CVE-2021-36225 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2025-03-26 | N/A | 8.8 HIGH |
|
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
|
|||||