Search Results (10458 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-11643 1 Allaccessible 1 Accessibility 2026-04-15 8.8 High
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2024-34813 2026-04-15 N/A
Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.This issue affects MC Woocommerce Wishlist: from n/a through <= 1.7.8.
CVE-2023-51526 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through 2.2.4.
CVE-2024-37482 2 Post Grid Team By Radiustheme, Wordpress 2 The Post Grid, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4.
CVE-2024-25912 2 Skymoonlabs, Wordpress 2 Moveto, Wordpress 2026-04-15 9.8 Critical
Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.
CVE-2024-3072 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post title, content, and ACF data.
CVE-2024-12559 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key.
CVE-2024-32810 1 Shortpixel 1 Shortpixel Critical Css 2026-04-15 7.6 High
Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2.
CVE-2024-48540 1 Shenzhen Xiaohe Lejia Technology Co 1 Xiaohesmart Firmware 2026-04-15 6.2 Medium
Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-1181 1 Dazzlersoftware 1 Coming Soon\, Under Construction \& Maintenance Mode By Dazzler 2026-04-15 5.3 Medium
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accesses is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode.
CVE-2024-51667 2026-04-15 N/A
Missing Authorization vulnerability in paytiumsupport Paytium paytium.This issue affects Paytium: from n/a through <= 4.4.10.
CVE-2024-28167 1 Sap Se 1 Sap Group Reporting Data Collection 2026-04-15 6.5 Medium
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization causing high impact on Integrity of the appliction.
CVE-2023-46609 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through 1.2.2.
CVE-2023-25035 1 Fullworksplugins 1 Quick Contact Form 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1.
CVE-2023-38480 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n/a through 1.4.9.
CVE-2024-2033 2026-04-15 4.3 Medium
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site.
CVE-2023-40327 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Putler / Storeapps Putler Connector for WooCommerce.This issue affects Putler Connector for WooCommerce: from n/a through 2.12.0.
CVE-2024-43134 2026-04-15 4.3 Medium
Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6.
CVE-2023-41690 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5.
CVE-2022-45841 2 Robosoft, Wordpress 2 Robo Gallery, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.