Export limit exceeded: 11351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10499 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28394 | 1 Advancedplugins | 1 Reportsstatistics | 2026-04-15 | 9.8 Critical |
| An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. | ||||
| CVE-2025-3417 | 2026-04-15 | 8.8 High | ||
| The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-62914 | 2 Anibalwainstein, Wordpress | 2 Effect Maker, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a through <= 1.2.1. | ||||
| CVE-2025-57972 | 3 Woocommerce, Wordpress, Wpfactory | 3 Woocommerce, Wordpress, Helpdesk Support Ticket System | 2026-04-15 | N/A |
| Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1. | ||||
| CVE-2025-27008 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a. | ||||
| CVE-2025-23529 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Minterpress: from n/a through <= 1.0.5. | ||||
| CVE-2024-2797 | 2026-04-15 | 5.3 Medium | ||
| The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower level users to modify forms. | ||||
| CVE-2024-31242 | 1 Bricksforge | 1 Bricksforge | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. | ||||
| CVE-2025-64639 | 3 Mainwp, Wordpress, Wp Compress | 3 Mainwp, Wordpress, For Mainwp | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.17. | ||||
| CVE-2025-11988 | 2 Odude, Wordpress | 2 Crypto Tool, Wordpress | 2026-04-15 | 5.3 Medium |
| The Crypto plugin for WordPress is vulnerable to unauthorized manipulation of data in all versions up to, and including, 2.22. This is due to the plugin registering an unauthenticated AJAX action (wp_ajax_nopriv_crypto_connect_ajax_process) that allows calling the crypto_delete_json method with only a publicly-available nonce check. This makes it possible for unauthenticated attackers to delete specific JSON files matching the pattern *_pending.json within the wp-content/uploads/yak/ directory, causing data loss and denial of service for plugin workflows that rely on these artifacts. | ||||
| CVE-2025-1777 | 2026-04-15 | 6.4 Medium | ||
| The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-67589 | 2 Wordpress, Wpovernight | 2 Wordpress, Woocommerce Pdf Invoices\& Packing Slips | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1. | ||||
| CVE-2024-37439 | 1 Uncannyowl | 1 Uncanny Toolkit Pro For Learndash | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0 | ||||
| CVE-2025-23684 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Tool: from n/a through <= 2.2. | ||||
| CVE-2025-57907 | 2 Heureka, Wordpress | 2 Heureka, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Heureka Group Heureka heureka allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Heureka: from n/a through <= 1.1.0. | ||||
| CVE-2025-64296 | 3 Facebook, Woocommerce, Wordpress | 3 Facebook For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Facebook Facebook for WooCommerce facebook-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through <= 3.5.7. | ||||
| CVE-2025-66072 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through <= 1.2.47. | ||||
| CVE-2024-12618 | 2 Newsletter2go, Wordpress | 2 Newsletter2go, Wordpress | 2026-04-15 | 4.3 Medium |
| The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles. | ||||
| CVE-2024-37921 | 1 Kibokolabs | 1 Chained Quiz | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8. | ||||
| CVE-2025-64245 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through <= 1.5.12. | ||||