Total
6407 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45104 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterlinks | 2025-07-13 | 7.3 High |
| Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0. | ||||
| CVE-2023-46637 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Saurav Sharma Generate Dummy Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Generate Dummy Posts: from n/a through 1.0.0. | ||||
| CVE-2024-13746 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts. | ||||
| CVE-2025-22722 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8. | ||||
| CVE-2024-32677 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. | ||||
| CVE-2024-47337 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite.This issue affects Joy Of Text Lite: from n/a through 2.3.1. | ||||
| CVE-2024-13637 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins.. | ||||
| CVE-2025-32624 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| Missing Authorization vulnerability in czater Czater.pl – live chat i telefon allows Cross Site Request Forgery. This issue affects Czater.pl – live chat i telefon: from n/a through 1.0.5. | ||||
| CVE-2023-46633 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2. | ||||
| CVE-2025-31836 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in matthewrubin Review Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through 2.2.0. | ||||
| CVE-2024-43273 | 1 Icegram | 1 Icegram Collect | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14. | ||||
| CVE-2024-34768 | 2 Fastly, Wordpress | 2 Fastly, Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | ||||
| CVE-2025-31752 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in termel Bulk Fields Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Fields Editor: from n/a through 1.8.0. | ||||
| CVE-2024-12848 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. | ||||
| CVE-2024-10786 | 2 10up, Wordpress | 2 Simple Local Avatars, Wordpress | 2025-07-13 | 4.3 Medium |
| The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches. | ||||
| CVE-2025-27296 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.2 High |
| Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue: from n/a through 1.5. | ||||
| CVE-2024-53785 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1. | ||||
| CVE-2025-0955 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| The VidoRev Extensions plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'vidorev_import_single_video' AJAX action in all versions up to, and including, 2.9.9.9.9.9.5. This makes it possible for unauthenticated attackers to import arbitrary youtube videos. | ||||
| CVE-2025-1249 | 2 Pixelite, Wordpress | 2 Events Manager, Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through 6.6.4.1. | ||||
| CVE-2025-1404 | 2 Ays-pro, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2025-07-13 | 5.3 Medium |
| The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails. | ||||