Export limit exceeded: 23792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3275 | 2026-04-15 | 4.3 Medium | ||
| The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts including those of draft and pending posts. | ||||
| CVE-2024-3277 | 2 Wordpress, Yumpu | 2 Wordpress, Yumpu Epaper Publishing | 2026-04-15 | 5 Medium |
| The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key. | ||||
| CVE-2024-32777 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39. | ||||
| CVE-2024-32779 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in Avirtum Vision Interactive.This issue affects Vision Interactive: from n/a through 1.7.1. | ||||
| CVE-2023-25043 | 1 Supsystic | 1 Data Tables Generator | 2026-04-15 | 5 Medium |
| Incorrect Authorization vulnerability in Supsystic Data Tables Generator.This issue affects Data Tables Generator: from n/a through 1.10.25. | ||||
| CVE-2024-3295 | 2026-04-15 | 6.5 Medium | ||
| The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to delete any media file. | ||||
| CVE-2024-32951 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1. | ||||
| CVE-2024-38695 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6. | ||||
| CVE-2024-38699 | 1 Wpswings | 1 Wallet System For Woocommerce | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. | ||||
| CVE-2024-38702 | 1 Tychesoftwares | 1 Product Delivery Date For Woocommerce Lite | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2. | ||||
| CVE-2024-3331 | 2026-04-15 | 6.8 Medium | ||
| Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0. | ||||
| CVE-2024-38719 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.1.2. | ||||
| CVE-2024-38721 | 2 Spider-themes, Wordpress | 2 Eazydocs, Wordpress | 2026-04-15 | 7.1 High |
| Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.5.0. | ||||
| CVE-2024-38726 | 1 Pickplugins | 1 Product Designer | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33. | ||||
| CVE-2024-33566 | 1 Wordpress | 1 Orderconvo | 2026-04-15 | 10 Critical |
| Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. | ||||
| CVE-2024-40709 | 1 Veeam | 1 Agent | 2026-04-15 | N/A |
| A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. | ||||
| CVE-2024-33573 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1. | ||||
| CVE-2024-38727 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9. | ||||
| CVE-2024-33574 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1. | ||||
| CVE-2024-33576 | 1 Wordpress | 1 Wppizza | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10. | ||||