Export limit exceeded: 43051 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10494 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23991 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through <= 2.4.5. | ||||
| CVE-2025-49338 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6. | ||||
| CVE-2025-49339 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through <= 1.3.2. | ||||
| CVE-2025-49349 | 2 Reuters News Agency, Wordpress | 2 Reuters Direct, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0. | ||||
| CVE-2025-49356 | 3 Mykola Lukin, Woocommerce, Wordpress | 3 Orders Chat For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0. | ||||
| CVE-2024-50967 | 2026-04-15 | 6.5 Medium | ||
| The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. | ||||
| CVE-2025-49432 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through <= 10.1. | ||||
| CVE-2025-60086 | 2 Matt, Wordpress | 2 Wp Voting Contest, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8. | ||||
| CVE-2025-49651 | 2026-04-15 | 8.1 High | ||
| Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. | ||||
| CVE-2025-26928 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Xfinitysoft Order Limit for WooCommerce wc-order-limit-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Limit for WooCommerce: from n/a through <= 3.0.2. | ||||
| CVE-2025-68005 | 2 Themewant, Wordpress | 2 Easy Hotel Booking, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.9.0. | ||||
| CVE-2025-49857 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.4.2. | ||||
| CVE-2025-26944 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through <= 2.0.11. | ||||
| CVE-2025-49860 | 2 Majesticsupport, Wordpress | 2 Majestic Support, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support.This issue affects Majestic Support: from n/a through <= 1.1.0. | ||||
| CVE-2025-49864 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21. | ||||
| CVE-2025-49910 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.2 High |
| Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through <= 1.1.4. | ||||
| CVE-2026-26205 | 1 Open-policy-agent | 1 Opa-envoy-plugin | 2026-04-15 | N/A |
| opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the `input.parsed_path` field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes (`//`) as authority components, and therefore dropping them from the parsed path. This creates a path interpretation mismatch between authorization policies and backend servers, enabling attackers to bypass access controls by crafting requests where the authorization filter evaluates a different path than the one ultimately served. Version 1.13.2-envoy-2 fixes the issue. | ||||
| CVE-2025-49906 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through <= 2.9.5.3. | ||||
| CVE-2025-49907 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9. | ||||
| CVE-2025-49916 | 2 Multivendorx, Wordpress | 2 Multivendorx, Wordpress | 2026-04-15 | 8.6 High |
| Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23. | ||||