Export limit exceeded: 346615 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346615 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68025 | 2 Addonify, Wordpress | 2 Addonify Floating Cart For Woocommerce, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through <= 1.2.17. | ||||
| CVE-2025-68028 | 2 Passionate Brains, Wordpress | 2 Ga4wp: Google Analytics For Wordpress, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0. | ||||
| CVE-2025-68032 | 2 Passionate Brains, Wordpress | 2 Advanced Wc Analytics, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0. | ||||
| CVE-2025-68051 | 2 Shiprocket, Wordpress | 2 Shiprocket, Wordpress | 2026-04-24 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8. | ||||
| CVE-2025-68069 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-04-24 | 7.1 High |
| Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6. | ||||
| CVE-2025-68534 | 2 Add-ons.org, Wordpress | 2 Pdf For Wpforms, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0. | ||||
| CVE-2025-68545 | 2 Thembay, Wordpress | 2 Nika, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14. | ||||
| CVE-2025-68552 | 2 Webcodingplace, Wordpress | 2 Woocommerce Coming Soon Product With Countdown, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion.This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0. | ||||
| CVE-2025-68564 | 2 Sendy, Wordpress | 2 Sendy, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2. | ||||
| CVE-2025-68837 | 2 Elextensions, Wordpress | 2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5. | ||||
| CVE-2025-68852 | 2 Webmuehle, Wordpress | 2 Court Reservation, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13. | ||||
| CVE-2025-68853 | 2 Kleor, Wordpress | 2 Contact Manager, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1. | ||||
| CVE-2025-69063 | 2 Saad Iqbal, Wordpress | 2 New User Approve, Wordpress | 2026-04-24 | 8.6 High |
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0. | ||||
| CVE-2025-69298 | 2 Ghostpool, Wordpress | 2 Gauge, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4. | ||||
| CVE-2025-69303 | 2 Modeltheme, Wordpress | 2 Modeltheme Framework, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a through < 2.0.0. | ||||
| CVE-2025-69373 | 2 Beeteam368, Wordpress | 2 Vidorev, Wordpress | 2026-04-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7. | ||||
| CVE-2025-69378 | 2 Wordpress, Xforwoocommerce | 2 Wordpress, Product Filter For Woocommerce | 2026-04-24 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2. | ||||
| CVE-2026-22471 | 2 Maximsecudeal, Wordpress | 2 Secudeal Payments For Ecommerce, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1. | ||||
| CVE-2025-69393 | 2 Jthemes, Wordpress | 2 Exzo, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4. | ||||
| CVE-2026-6912 | 1 Aws | 1 Aws Ops Wheel | 2026-04-24 | 8.8 High |
| Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API call that sets the custom:deployment_admin attribute. To remediate this issue, users should redeploy from the updated repository and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||