Export limit exceeded: 14123 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32516 | 2 Palscode, Wordpress | 2 Multi Currency For Woocommerce, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5. | ||||
| CVE-2024-32515 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in Qamar Sheeraz, Nasir Ahmad Mega Addons For Elementor.This issue affects Mega Addons For Elementor: from n/a through 1.8. | ||||
| CVE-2024-32524 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. | ||||
| CVE-2024-32509 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76. | ||||
| CVE-2024-38392 | 2026-04-15 | 9.1 Critical | ||
| Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. | ||||
| CVE-2024-3249 | 2026-04-15 | 4.3 Medium | ||
| The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages, update certain options, including WooCommerce page titles and Elementor settings, import widgets, and update the plugin's customizer settings and the WordPress custom CSS. NOTE: This vulnerability was partially fixed in version 1.6.2. | ||||
| CVE-2024-4199 | 2026-04-15 | 4.3 Medium | ||
| The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to invoke their corresponding functions. This may lead to post creation and duplication, post content retrieval, post taxonomy manipulation. | ||||
| CVE-2024-40530 | 1 Uab Lexita | 1 Panteracrm Cms | 2026-04-15 | 7.5 High |
| A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. | ||||
| CVE-2024-31375 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7. | ||||
| CVE-2024-31366 | 2026-04-15 | 7.1 High | ||
| Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | ||||
| CVE-2024-37926 | 1 Volkov | 1 Wp Accessibility Helper | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9. | ||||
| CVE-2024-31347 | 2 Data443, Wordpress | 2 Tracking Code Manager, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0. | ||||
| CVE-2024-31342 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3. | ||||
| CVE-2024-31307 | 2026-04-15 | 6.3 Medium | ||
| Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through 9.4. | ||||
| CVE-2024-37921 | 1 Kibokolabs | 1 Chained Quiz | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8. | ||||
| CVE-2024-43120 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7. | ||||
| CVE-2024-30459 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5. | ||||
| CVE-2024-5858 | 2026-04-15 | 4.3 Medium | ||
| The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles. | ||||
| CVE-2024-4010 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2026-04-15 | 8.8 High |
| The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks. | ||||
| CVE-2024-3750 | 2026-04-15 | 8.8 High | ||
| The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions. | ||||