Total
7696 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68993 | 3 Woocommerce, Wordpress, Xforwoocommerce | 3 Woocommerce, Wordpress, Share, Print And Pdf Products | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in XforWooCommerce Share, Print and PDF Products for WooCommerce share-print-pdf-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share, Print and PDF Products for WooCommerce: from n/a through <= 3.1.2. | ||||
| CVE-2023-51362 | 1 Premio | 1 All In One Floating Contact Form My Sticky Elements | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Premio All-in-one Floating Contact Form – My Sticky Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All-in-one Floating Contact Form – My Sticky Elements: from n/a through 2.1.3. | ||||
| CVE-2025-62046 | 2 Codexthemes, Wordpress | 2 Thegem, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in CodexThemes TheGem Demo Import (for WPBakery) thegem-importer.This issue affects TheGem Demo Import (for WPBakery): from n/a through <= 5.10.5. | ||||
| CVE-2025-11991 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate forms using AI, consuming site's AI usage limits. | ||||
| CVE-2024-2292 | 2026-04-15 | N/A | ||
| Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users. | ||||
| CVE-2024-12922 | 2 Themegoods, Wordpress | 2 Altair, Wordpress | 2026-04-15 | 9.8 Critical |
| The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-12920 | 2026-04-15 | 8.8 High | ||
| The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options. | ||||
| CVE-2025-47467 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Testimonial Slider: from n/a through <= 3.3.0. | ||||
| CVE-2025-47469 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.0. | ||||
| CVE-2024-58101 | 2026-04-15 | 8.1 High | ||
| Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor. | ||||
| CVE-2025-31843 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce openai-tools-for-wp-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OpenAI Tools for WordPress & WooCommerce: from n/a through <= 2.2.1. | ||||
| CVE-2025-12134 | 2 Bdthemes, Wordpress | 2 Zoloblocks, Wordpress | 2026-04-15 | 5.3 Medium |
| The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups. | ||||
| CVE-2025-63056 | 2 Bestwebsoft, Wordpress | 2 Contact Form, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.6. | ||||
| CVE-2024-54289 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.3.1. | ||||
| CVE-2024-13307 | 2026-04-15 | 5.3 Medium | ||
| The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_remove_from_favourites' functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user. | ||||
| CVE-2025-30803 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Writing Statistics: from n/a through <= 5.3. | ||||
| CVE-2024-32519 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in GutenGeek GG Woo Feed for WooCommerce.This issue affects GG Woo Feed for WooCommerce: from n/a through 1.2.6. | ||||
| CVE-2024-13232 | 2026-04-15 | 8.8 High | ||
| The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary SQL statements that can leveraged to create a new administrative user account. | ||||
| CVE-2025-0763 | 2 Webcodingplace, Wordpress | 2 Ultimate Classified Listings, Wordpress | 2026-04-15 | 4.3 Medium |
| The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_custom_fields function in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin custom fields. | ||||
| CVE-2025-62147 | 2 Realbig, Wordpress | 2 Realbig, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3. | ||||