Export limit exceeded: 343242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343242 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7400 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5816 | 2025-07-22 | 4.3 Medium | ||
| The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the get_order_detail() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's orders. | ||||
| CVE-2025-5811 | 2025-07-22 | 5.3 Medium | ||
| The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values on the WordPress site. | ||||
| CVE-2025-6726 | 2025-07-22 | 4.3 Medium | ||
| The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_options() function in all versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post meta for arbitrary posts. | ||||
| CVE-2025-6718 | 1 Wordpress | 1 Wordpress | 2025-07-22 | 8.8 High |
| The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands. | ||||
| CVE-2025-7772 | 1 Wordpress | 1 Wordpress | 2025-07-22 | 6.5 Medium |
| The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2025-6813 | 2025-07-22 | 8.8 High | ||
| The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges. | ||||
| CVE-2025-6721 | 1 Wordpress | 1 Wordpress | 2025-07-22 | 5.3 Medium |
| The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrary orders. | ||||
| CVE-2025-6720 | 1 Wordpress | 1 Wordpress | 2025-07-22 | 5.3 Medium |
| The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files. | ||||
| CVE-2024-43154 | 2 Bracketspace, Wordpress | 2 Advanced Cron Manager, Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9. | ||||
| CVE-2025-52803 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-48339 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0. | ||||
| CVE-2024-43260 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.4 Medium |
| Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4. | ||||
| CVE-2024-34758 | 2 Wordpress, Wpmet | 2 Wordpress, Wp Fundraising Donation And Crowdfunding Platform | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4. | ||||
| CVE-2023-41865 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Pro: from n/a through 4.8.6. | ||||
| CVE-2023-27456 | 1 Hashthemes | 1 Total | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19. | ||||
| CVE-2025-3871 | 2025-07-18 | 5.3 Medium | ||
| Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has configured GOTP. | ||||
| CVE-2025-3557 | 1 Scriptandtools | 1 Ecommerce-website-in-php | 2025-07-17 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2876 | 2 Melapress, Wordpress | 2 Melapress Login Security, Wordpress | 2025-07-17 | 5.3 Medium |
| The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user. | ||||
| CVE-2025-3780 | 1 Wclovers | 1 Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible | 2025-07-17 | 6.5 Medium |
| The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes it possible for unauthenticated attackers to view and modify the plugin settings, including payment details and API keys | ||||
| CVE-2023-25791 | 1 Wordpress | 1 Wordpress | 2025-07-16 | 5.4 Medium |
| Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fontiran: from n/a through 2.1. | ||||