Export limit exceeded: 10541 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10541 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12920 | 2026-04-15 | 8.8 High | ||
| The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options. | ||||
| CVE-2024-1637 | 2026-04-15 | 4.3 Medium | ||
| The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings. | ||||
| CVE-2025-62881 | 2 Wordpress, Wplab | 2 Wordpress, Wp-lister Lite For Ebay | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.3. | ||||
| CVE-2025-62888 | 2 Marcomilesi, Wordpress | 2 Wp Attachments, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= 5.2. | ||||
| CVE-2025-5288 | 2026-04-15 | 9.8 Critical | ||
| The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges. | ||||
| CVE-2025-62946 | 2 Everestthemes, Wordpress | 2 Everest Backup, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8. | ||||
| CVE-2025-62952 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.7.3. | ||||
| CVE-2024-13530 | 2026-04-15 | 4.3 Medium | ||
| The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete login logs and end user sessions. | ||||
| CVE-2024-2109 | 2 Themeinwp, Wordpress | 2 Booster Extension, Wordpress | 2026-04-15 | 5.3 Medium |
| The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user emails | ||||
| CVE-2025-53236 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.3 Medium |
| Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0. | ||||
| CVE-2025-62965 | 2 Admin Management Xtended Project, Wordpress | 2 Admin Management Xtended, Wordpress | 2026-04-15 | 7.2 High |
| Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1. | ||||
| CVE-2025-53295 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in iCount iCount Payment Gateway icount allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iCount Payment Gateway: from n/a through <= 2.0.7. | ||||
| CVE-2025-62995 | 2 Multiparcels, Wordpress | 2 Multiparcels Shipping For Woocommerce, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through <= 1.30.12. | ||||
| CVE-2025-68850 | 2 Codepeople, Wordpress | 2 Sell Downloads, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12. | ||||
| CVE-2025-53304 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message contact-form-7-hide-success-message allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form – 7 : Hide Success Message: from n/a through <= 1.1.4. | ||||
| CVE-2025-53323 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist pre-publish-post-checklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pre-Publish Post Checklist: from n/a through <= 3.1. | ||||
| CVE-2025-63001 | 2 Nicdark, Wordpress | 2 Hotel Booking, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8. | ||||
| CVE-2025-53340 | 2 Getawesomesupport, Wordpress | 2 Awesome Support, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Retrieve Embedded Sensitive Data.This issue affects Awesome Support: from n/a through <= 6.3.6. | ||||
| CVE-2025-53341 | 2 Themovation, Wordpress | 2 Stratus, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App, SaaS & Software Startup Tech Theme - Stratus: from n/a through <= 4.2.5. | ||||
| CVE-2025-63002 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in wpforchurch Sermon Manager sermon-manager-for-wordpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through <= 2.30.0. | ||||