Total
6399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48155 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9. | ||||
| CVE-2025-54037 | 2 Blazethemes, Wordpress | 2 News Kit Elementor Addons, Wordpress | 2025-07-21 | 5.4 Medium |
| Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4. | ||||
| CVE-2025-53997 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4. | ||||
| CVE-2025-54018 | 2 Creativemindssolutions, Wordpress | 2 Cm Pop-up Banners, Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through 1.8.4. | ||||
| CVE-2025-48166 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48. | ||||
| CVE-2025-49884 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through 1.1.8. | ||||
| CVE-2025-29000 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8. | ||||
| CVE-2025-49319 | 2 Wordpress, Wpfactory | 2 Wordpress, Wishlist For Woocommerce | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3. | ||||
| CVE-2025-52804 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through 1.3.3. | ||||
| CVE-2025-52803 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | ||||
| CVE-2025-28965 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 8.6 High |
| Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through 3.0.7. | ||||
| CVE-2025-48339 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0. | ||||
| CVE-2024-43260 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.4 Medium |
| Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4. | ||||
| CVE-2024-34758 | 2 Wordpress, Wpmet | 2 Wordpress, Wp Fundraising Donation And Crowdfunding Platform | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4. | ||||
| CVE-2023-41865 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Pro: from n/a through 4.8.6. | ||||
| CVE-2023-27456 | 1 Hashthemes | 1 Total | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19. | ||||
| CVE-2025-3871 | 2025-07-18 | 5.3 Medium | ||
| Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has configured GOTP. | ||||
| CVE-2025-3557 | 1 Scriptandtools | 1 Ecommerce-website-in-php | 2025-07-17 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2876 | 2 Melapress, Wordpress | 2 Melapress Login Security, Wordpress | 2025-07-17 | 5.3 Medium |
| The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user. | ||||
| CVE-2025-3780 | 1 Wclovers | 1 Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible | 2025-07-17 | 6.5 Medium |
| The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes it possible for unauthenticated attackers to view and modify the plugin settings, including payment details and API keys | ||||