Export limit exceeded: 14049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10428 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10428 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46605 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Ruslan Suhar Convertful – Your Ultimate On-Site Conversion Tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Convertful – Your Ultimate On-Site Conversion Tool: from n/a through 2.5. | ||||
| CVE-2024-33908 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0. | ||||
| CVE-2023-25486 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. | ||||
| CVE-2024-25912 | 2 Skymoonlabs, Wordpress | 2 Moveto, Wordpress | 2025-07-12 | 9.8 Critical |
| Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | ||||
| CVE-2023-29433 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in 腾讯云 tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects tencentcloud-cos: from n/a through 1.0.7. | ||||
| CVE-2024-32787 | 2 Copy Content Protection Team, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1. | ||||
| CVE-2024-32717 | 1 Wpdeveloper | 1 Schedulepress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8. | ||||
| CVE-2023-49754 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Yogesh Pawar, Clarion Technologies Bulk Edit Post Titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Post Titles: from n/a through 5.0.0. | ||||
| CVE-2023-49858 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Austin Passy Custom Login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through 4.1.0. | ||||
| CVE-2024-32813 | 1 Softlab | 1 Integrate Google Drive | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.9. | ||||
| CVE-2023-32094 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through 1.0.19. | ||||
| CVE-2024-38740 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6. | ||||
| CVE-2023-36694 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.3 Medium |
| Missing Authorization vulnerability in Bryan Lee Kingkong Board.This issue affects Kingkong Board: from n/a through 2.1.0.2. | ||||
| CVE-2023-27449 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.3 Medium |
| Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6. | ||||
| CVE-2024-32148 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0. | ||||
| CVE-2023-26002 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5. | ||||
| CVE-2024-34701 | 2 Mediawiki, Miraheze | 2 Mediawiki, Createwiki | 2025-07-12 | 5.9 Medium |
| CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made. This allows them to go to that request entry's on Special:RequestWikiQueue on the wiki where their local user ID matches and take any actions that the wiki requester is allowed to take from there. Commit 02e0f298f8d35155c39aa74193cb7b867432c5b8 fixes the issue. Important note about the fix: This vulnerability has been fixed by disabling access to the REST API and special pages outside of the wiki configured as the "global wiki" in `$wgCreateWikiGlobalWiki` in a user's MediaWiki settings. As a workaround, it is possible to disable the special pages outside of one's own global wiki by doing something similar to `miraheze/mw-config` commit e5664995fbb8644f9a80b450b4326194f20f9ddc that is adapted to one's own setup. As for the REST API, before the fix, there wasn't any REST endpoint that allowed one to make writes. Regardless, it is possible to also disable it outside of the global wiki by using `$wgCreateWikiDisableRESTAPI` and `$wgConf` in the configuration for one's own wiki farm.. | ||||
| CVE-2025-32408 | 1 Soffid | 1 Iam | 2025-07-12 | 2.5 Low |
| In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled. | ||||
| CVE-2025-3063 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-42961 | 1 Sap | 1 Netweaver Application Server For Abap | 2025-07-12 | 4.9 Medium |
| Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected. | ||||