| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33. |
| Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.
|
| A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. |
| Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1.
|
| Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9. |
| Missing Authorization vulnerability in appsbd Vitepos.This issue affects Vitepos: from n/a through 3.0.1.
|
| Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10.
|
| Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1.
|
| Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.
|
| Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.
|
| Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through 4.9.10.
|
| Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12. |
| Missing Authorization vulnerability in Leaky Paywall.This issue affects Leaky Paywall: from n/a through 4.20.8.
|
| Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16.
|
| Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. |
| The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to modify plugin's configuration settings, enable or disable features, as well as enable/disable WordPress cron jobs or debug mode |
| The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files. |
| The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for unauthenticated attackers to push select site options from 0 to a non-zero value, allowing them to reopen registration or corrupt options like 'wp_user_roles', breaking wp-admin access. CVE-2025-13471 appears to be a duplicate of this CVE. |
| sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges. |
| Missing Authorization vulnerability in CodePeople Search in Place allows Functionality Misuse.This issue affects Search in Place: from n/a through 1.0.104. |
