CWE-86 CVEs and Security Vulnerabilities

Export limit exceeded: 10524 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10524 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64630	2 Strategy11, Wordpress	2 Business Directory Plugin, Wordpress	2026-04-15	4.7 Medium
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19.
CVE-2025-64631	2 Wclovers, Wordpress	2 Wcfm Marketplace, Wordpress	2026-04-15	5 Medium
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.7.1.
CVE-2025-68498	2 Crocoblock, Wordpress	2 Jettabs, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Crocoblock JetTabs jet-tabs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetTabs: from n/a through <= 2.2.12.
CVE-2025-55712	2 Posimyth, Wordpress	2 The Plus Addons For Elementor Page Builder Lite, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through <= 6.3.13.
CVE-2025-24757	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2.
CVE-2025-68517	2 Essekia, Wordpress	2 Tablesome Table, Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.
CVE-2025-68523	2 Spiffyplugins, Wordpress	2 Spiffy Calendar, Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.
CVE-2025-57899	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Compress: from n/a through <= 6.50.54.
CVE-2025-68572	2 Spider-themes, Wordpress	2 Bbp Core, Wordpress	2026-04-15	8.8 High
Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through <= 1.4.1.
CVE-2025-5805	2 Ninetheme, Wordpress	2 Electron, Wordpress	2026-04-15	8.8 High
Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2.
CVE-2023-48775			2026-04-15	5.3 Medium
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.
CVE-2025-66005	1 Shadowblip	1 Inputplumber	2026-04-15	N/A
Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session.
CVE-2025-68591	2 Mitchell Bennis, Wordpress	2 Simple File List, Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.18.
CVE-2025-68596	2 Bitapps, Wordpress	2 Bit Assist, Wordpress	2026-04-15	8.8 High
Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
CVE-2024-6599	2 Mekshq, Wordpress	2 Meks Video Importer, Wordpress	2026-04-15	4.3 Medium
The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys. CVE-2024-38733 may be a duplicate of this issue.
CVE-2023-50850			2026-04-15	4.3 Medium
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
CVE-2025-58600	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.9.
CVE-2025-58601	2 Radiustheme, Wordpress	2 Classified Listing, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6.
CVE-2025-66054	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
CVE-2025-66133	2 Wordpress, Wp Legal Pages	2 Wordpress, Wp Cookie Notice	2026-04-15	5.3 Medium
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.7.

« first previous Page 103 of 527. next last »