Total
7699 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30958 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onOffice for WP-Websites: from n/a through <= 6.5.1. | ||||
| CVE-2025-62931 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9. | ||||
| CVE-2025-30932 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.30.32. | ||||
| CVE-2025-62131 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5. | ||||
| CVE-2025-58824 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in priyanshumittal Shk Corporate shk-corporate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shk Corporate: from n/a through <= 2.4.1.1. | ||||
| CVE-2025-15066 | 2026-04-15 | 6.2 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed (ex: innorix/exam) | ||||
| CVE-2025-22299 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Space Codes AI for SEO ai-for-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through <= 1.2.9. | ||||
| CVE-2025-22363 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Hermann LAHAMI Allada T-shirt Designer for Woocommerce allada-tshirt-designer-for-woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through <= 1.1. | ||||
| CVE-2025-39447 | 1 Crocoblock | 1 Jetelements For Elementor | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor jet-elements allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetElements For Elementor: from n/a through <= 2.7.4.1. | ||||
| CVE-2024-32688 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0. | ||||
| CVE-2024-7621 | 1 Wpfeedback | 1 Visual Website Collaboration | 2026-04-15 | 5.4 Medium |
| The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin's settings. | ||||
| CVE-2024-4997 | 3 Victor Freitas, Victorfreitas, Wordpress | 3 Wpupper Share Buttons, Wpupper Share Buttons, Wordpress | 2026-04-15 | 5.3 Medium |
| The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages. | ||||
| CVE-2025-8152 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard. | ||||
| CVE-2025-49920 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10. | ||||
| CVE-2025-22739 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5. | ||||
| CVE-2025-29010 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5. | ||||
| CVE-2025-62115 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in ThemeBoy Hide Plugins hide-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide Plugins: from n/a through <= 1.0.4. | ||||
| CVE-2025-49431 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Gnuget MF Plus WPML mf-plus-wpml allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MF Plus WPML: from n/a through <= 1.1. | ||||
| CVE-2025-13956 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-15 | 5.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts | ||||
| CVE-2024-49687 | 2 Storeapps, Wordpress | 2 Smart Manager, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.This issue affects Smart Manager: from n/a through <= 8.45.0. | ||||