Export limit exceeded: 10539 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10539 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3608 | 1 Pickplugins | 1 Product Designer | 2026-04-15 | 5.3 Medium |
| The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments. CVE-2024-38726 appears to be a duplicate of this issue. | ||||
| CVE-2022-46807 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2. | ||||
| CVE-2024-47560 | 1 Jscom | 1 Revoworks Cloud Client | 2026-04-15 | N/A |
| RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry. | ||||
| CVE-2024-32432 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1. | ||||
| CVE-2024-25907 | 2 Joomunited, Wordpress | 2 Wp Media Folder, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | ||||
| CVE-2025-31773 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in cedcommerce Ship Per Product ship-per-product allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ship Per Product: from n/a through <= 2.1.0. | ||||
| CVE-2025-53284 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <= 1.1. | ||||
| CVE-2025-59451 | 1 Yosmart | 1 Yolink Application | 2026-04-15 | 3.5 Low |
| The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes. | ||||
| CVE-2025-24776 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in codelobster Responsive Flipbooks responsive-flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Flipbooks: from n/a through <= 1.0. | ||||
| CVE-2024-32509 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76. | ||||
| CVE-2024-50422 | 1 Cloudways | 1 Breeze | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.1.14. | ||||
| CVE-2025-30960 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through <= 6.5.8. | ||||
| CVE-2025-39385 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in vowelweb Sirat sirat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sirat: from n/a through <= 1.5.1. | ||||
| CVE-2025-32221 | 2 Spider-themes, Wordpress | 2 Eazydocs, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through <= 2.7.1. | ||||
| CVE-2025-64323 | 1 Kgateway | 1 Kgateway | 2026-04-15 | 5.3 Medium |
| kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0. | ||||
| CVE-2025-22673 | 2 Wordpress, Wpfactory | 2 Wordpress, Ean For Woocommerce | 2026-04-15 | N/A |
| Missing Authorization vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through <= 5.3.5. | ||||
| CVE-2025-58968 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MaxiBlocks: from n/a through <= 2.1.3. | ||||
| CVE-2024-43209 | 1 Bitly | 1 Bitly | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2. | ||||
| CVE-2025-49268 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Soft8Soft LLC Verge3D verge3d allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verge3D: from n/a through <= 4.9.4. | ||||
| CVE-2025-12061 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.6 High |
| The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements | ||||