Export limit exceeded: 10484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10484 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38702 | 1 Tychesoftwares | 1 Product Delivery Date For Woocommerce Lite | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2. | ||||
| CVE-2024-54379 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5. | ||||
| CVE-2024-32687 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Frequently Bought Together For Woocommerce | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3. | ||||
| CVE-2025-62145 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through <= 2.2.0. | ||||
| CVE-2024-32691 | 2 Realmag777, Wordpress | 2 Active Products Tables For Woocommerce, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. | ||||
| CVE-2025-53986 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in themeisle Hestia hestia allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hestia: from n/a through <= 3.2.10. | ||||
| CVE-2025-39385 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in vowelweb Sirat sirat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sirat: from n/a through <= 1.5.1. | ||||
| CVE-2025-58004 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in SmartDataSoft DriCub dricub-driving-school allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DriCub: from n/a through <= 2.9. | ||||
| CVE-2025-14061 | 2 Wordpress, Wplegalpages | 2 Wordpress, Wp Cookie Consent | 2026-04-15 | 5.3 Medium |
| The Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the gdpr_delete_policy_data function in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, attachments, and other post types by ID. | ||||
| CVE-2025-12362 | 3 Mycred, Saadiqbal, Wordpress | 3 Mycred, Mycred, Wordpress | 2026-04-15 | 5.3 Medium |
| The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to approve withdrawal requests, modify user point balances, and manipulate the payment processing system via the cashcred_pay_now AJAX action. | ||||
| CVE-2023-47647 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6. | ||||
| CVE-2025-3953 | 2026-04-15 | 5.4 Medium | ||
| The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings. | ||||
| CVE-2025-15507 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_sync_usage() function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's license status and credit balance. | ||||
| CVE-2025-66139 | 2 Merkulove, Wordpress | 2 Audier For Elementor, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9. | ||||
| CVE-2025-39457 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.2.8. | ||||
| CVE-2024-13412 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions. | ||||
| CVE-2023-46082 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker | Finder: from n/a through 2.4.2. | ||||
| CVE-2025-62965 | 2 Admin Management Xtended Project, Wordpress | 2 Admin Management Xtended, Wordpress | 2026-04-15 | 7.2 High |
| Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1. | ||||
| CVE-2025-23771 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress push-notification-for-post-and-buddypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Push Notification for Post and BuddyPress: from n/a through <= 2.11. | ||||
| CVE-2024-56294 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through <= 4.0.7. | ||||