Export limit exceeded: 11910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10499 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30490 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easing Slider : from n/a through 3.0.8. | ||||
| CVE-2023-41132 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Category Slider for WooCommerce: from n/a through 1.4.15. | ||||
| CVE-2025-66108 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TNC Toolbox: Web Performance: from n/a through <= 2.0.4. | ||||
| CVE-2025-66109 | 3 Octolize, Woocommerce, Wordpress | 3 Cart Weight For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Octolize Shipping Plugins Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cart Weight for WooCommerce: from n/a through <= 1.9.11. | ||||
| CVE-2025-66110 | 2 Bplugins, Wordpress | 2 Tiktok Feed Plugin, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through <= 1.0.23. | ||||
| CVE-2023-31073 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend – Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend – Post and User Profile Fields: from n/a through 1.2.0. | ||||
| CVE-2025-66112 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4. | ||||
| CVE-2024-37510 | 1 Wpcharitable | 1 Charitable | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. | ||||
| CVE-2025-11894 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings like the ServerKey and LicenseKey. | ||||
| CVE-2025-62017 | 2 Hogash, Wordpress | 2 Kallyas, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | ||||
| CVE-2025-13828 | 1 Mautic | 1 Mautic | 2026-04-15 | N/A |
| SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges. | ||||
| CVE-2024-33566 | 1 Wordpress | 1 Orderconvo | 2026-04-15 | 10 Critical |
| Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. | ||||
| CVE-2025-2262 | 2026-04-15 | 7.3 High | ||
| The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-66068 | 2 Instawp, Wordpress | 2 Instawp Connect, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9. | ||||
| CVE-2025-4975 | 2026-04-15 | N/A | ||
| When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. | ||||
| CVE-2023-32507 | 2 Wordpress, Wp3sixty | 2 Wordpress, Woo Custom Emails | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Custom Emails: from n/a through 2.2. | ||||
| CVE-2023-32519 | 1 Webcodin | 1 Wcp Contact Form | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0. | ||||
| CVE-2025-62999 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.5. | ||||
| CVE-2024-33576 | 1 Wordpress | 1 Wppizza | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10. | ||||
| CVE-2023-32520 | 2 Webcodin, Wordpress | 2 Wcp Contact Form, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0. | ||||