CWE-86 CVEs and Security Vulnerabilities

Export limit exceeded: 10010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10010 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-52738	2 Mediawiki, Wordpress	2 Wikipedia Preview, Wordpress	2026-04-01	6.5 Medium
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wikipedia Preview: from n/a through <= 1.15.0.
CVE-2025-49961	1 Wordpress	1 Wordpress	2026-04-01	6.3 Medium
Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0.
CVE-2025-49949	1 Wordpress	1 Wordpress	2026-04-01	5.5 Medium
Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2.
CVE-2025-49937	1 Wordpress	1 Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2.
CVE-2025-49925	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2026-04-01	7.3 High
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
CVE-2025-49922	2 Etruel, Wordpress	2 Wpematico Rss Feed Fetcher, Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.3.
CVE-2025-49920	1 Wordpress	1 Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10.
CVE-2025-49916	2 Multivendorx, Wordpress	2 Multivendorx, Wordpress	2026-04-01	8.6 High
Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23.
CVE-2025-49913	2 Coschedule, Wordpress	2 Coschedule, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in CoSchedule CoSchedule coschedule-by-todaymade allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoSchedule: from n/a through <= 3.4.0.
CVE-2025-49910	1 Wordpress	1 Wordpress	2026-04-01	8.2 High
Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPGuppy: from n/a through <= 1.1.4.
CVE-2025-49907	1 Wordpress	1 Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9.
CVE-2025-49906	1 Wordpress	1 Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through <= 2.9.5.3.
CVE-2025-49903	2 Bdthemes, Wordpress	2 Zoloblocks, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through <= 2.3.11.
CVE-2025-49902	1 Wordpress	1 Wordpress	2026-04-01	6.5 Medium
Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page, Custom Design: from n/a through <= 2.1.1.
CVE-2025-49899	2 Whydonate, Wordpress	2 Wp Whydonate, Wordpress	2026-04-01	5.3 Medium
Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through <= 4.0.15.
CVE-2025-49394	2 Bplugins, Wordpress	2 Image Gallery Block, Wordpress	2026-04-01	8.8 High
Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo gallery/photo album.: from n/a through <= 1.0.7.
CVE-2025-49377	2 Themefic, Wordpress	2 Hydra Booking, Wordpress	2026-04-01	7.5 High
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9.
CVE-2025-49376	2 Delucks, Wordpress	2 Delucks Seo, Wordpress	2026-04-01	7.5 High
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.
CVE-2025-49375	1 Wordpress	1 Wordpress	2026-04-01	8.8 High
Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1.
CVE-2025-49350	2 Marcoingraiti, Wordpress	2 Actionwear Products Sync, Wordpress	2026-04-01	4.3 Medium
Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through <= 2.3.3.

« first previous Page 94 of 501. next last »