Export limit exceeded: 23744 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53214 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.1 Critical |
| Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through <= 1.21. | ||||
| CVE-2025-13603 | 2 Husainali52, Wordpress | 2 Wp Audio Gallery, Wordpress | 2026-04-15 | 8.8 High |
| The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpag_htaccess_callback" function This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the site's .htaccess file with arbitrary content, which can lead to arbitrary file read on the server under certain configurations. | ||||
| CVE-2025-58919 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in guihom Wide Banner wide-banner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wide Banner: from n/a through <= 1.0.4. | ||||
| CVE-2024-33925 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0. | ||||
| CVE-2025-14982 | 2 Wordpress, Wpdevelop | 2 Wordpress, Booking Calendar | 2026-04-15 | 4.3 Medium |
| The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the database, including personally identifiable information (PII) such as names, email addresses, phone numbers, physical addresses, payment status, booking costs, and booking hashes belonging to other users. | ||||
| CVE-2025-53499 | 2026-04-15 | 9.1 Critical | ||
| Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. | ||||
| CVE-2024-22257 | 2 Pivotal Software, Redhat | 3 Spring Security, Apache Camel Spring Boot, Jboss Fuse | 2026-04-15 | 8.2 High |
| In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. | ||||
| CVE-2025-66149 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through <= 3.1.3. | ||||
| CVE-2025-14978 | 2 Peachpay, Wordpress | 2 Peachpay - Payments & Express Checkout For Woocommerce (supports Stripe, Paypal, Square, Authorizenet), Wordpress | 2026-04-15 | 5.3 Medium |
| The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including, 1.119.8. This makes it possible for unauthenticated attackers to modify the status of arbitrary WooCommerce orders. | ||||
| CVE-2025-62755 | 2 Gsplugins, Wordpress | 2 Gs Portfolio For Envato, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2. | ||||
| CVE-2025-58979 | 2 Berqier, Wordpress | 2 Berqwp, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in BerqWP BerqWP searchpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BerqWP: from n/a through <= 2.2.53. | ||||
| CVE-2025-30790 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chatbox Manager: from n/a through <= 1.2.2. | ||||
| CVE-2025-53571 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.6. | ||||
| CVE-2024-50647 | 1 Python Food Ordering System | 1 Python Food Ordering System | 2026-04-15 | 7.5 High |
| The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization. | ||||
| CVE-2025-2515 | 1 Eclipse | 1 Bluechi | 2026-04-15 | 7.2 High |
| A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise. | ||||
| CVE-2025-14880 | 2 Netcashpaynow, Wordpress | 2 Netcash Woocommerce Payment Gateway, Wordpress | 2026-04-15 | 5.3 Medium |
| The Netcash WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_return_url function in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to mark any WooCommerce order as processing/completed. | ||||
| CVE-2025-49377 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9. | ||||
| CVE-2025-59591 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.33. | ||||
| CVE-2025-62747 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through <= 1.3.4. | ||||
| CVE-2025-14080 | 2 Wordpress, Wpshuffle | 2 Wordpress, Frontend Post Submission Manager | 2026-04-15 | 5.3 Medium |
| The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.5. This is due to missing authorization checks on the post update functionality in the fpsml_form_process AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary posts by providing a post_id parameter via the guest posting form, allowing them to change post titles, content, excerpts, and remove post authors. | ||||