CWE-86 CVEs and Security Vulnerabilities

Export limit exceeded: 10474 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10474 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69359	2 Wordpress, Wpfunnels	2 Wordpress, Creator Lms	2026-04-15	5.3 Medium
Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through <= 1.1.12.
CVE-2025-69361	2 Publishpress, Wordpress	2 Post Expirator, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.
CVE-2024-9234	1 Wpmet	1 Gutenkit	2026-04-15	9.8 Critical
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.
CVE-2025-69388	2 Cliengo, Wordpress	2 Cliengo – Chatbot, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in cliengo Cliengo – Chatbot cliengo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cliengo – Chatbot: from n/a through <= 3.0.4.
CVE-2023-47224			2026-04-15	7.5 High
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0.
CVE-2025-24580			2026-04-15	N/A
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.
CVE-2025-24581			2026-04-15	N/A
Missing Authorization vulnerability in Themefic Instantio instantio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instantio: from n/a through <= 3.3.7.
CVE-2025-24583	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.
CVE-2025-24584			2026-04-15	N/A
Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.3.0.
CVE-2025-24588	2 Patreon, Wordpress	2 Patreon Wordpress, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Patreon WordPress: from n/a through <= 1.9.1.
CVE-2025-24590			2026-04-15	N/A
Missing Authorization vulnerability in picu picu picu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects picu: from n/a through <= 2.4.0.
CVE-2025-24600			2026-04-15	N/A
Missing Authorization vulnerability in davidfcarr RSVPMarker rsvpmaker.This issue affects RSVPMarker : from n/a through <= 11.4.5.
CVE-2025-24603			2026-04-15	N/A
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Print Barcode Labels for your WooCommerce products/orders a4-barcode-generator.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through <= 3.4.10.
CVE-2025-24606			2026-04-15	N/A
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.1.
CVE-2025-24737	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium wp-helper-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Helper Premium: from n/a through <= 4.6.1.
CVE-2025-24743			2026-04-15	N/A
Missing Authorization vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.5.2.
CVE-2025-24744			2026-04-15	4.3 Medium
Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3.
CVE-2025-24747			2026-04-15	N/A
Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0.
CVE-2025-24750			2026-04-15	N/A
Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ExactMetrics: from n/a through <= 8.1.0.
CVE-2025-22541			2026-04-15	N/A
Missing Authorization vulnerability in etruel WP Delete Post Copies etruel-del-post-copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through <= 5.5.

« first previous Page 44 of 524. next last »