Total
7706 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34813 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert.This issue affects MC Woocommerce Wishlist: from n/a through <= 1.7.8. | ||||
| CVE-2024-34820 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1. | ||||
| CVE-2024-6175 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like save_fields_settings, bup_delete_user_avatar, bup_crop_avatar_user_profile_image, and more in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete. multiple plugin options and data such as payments, pricing, booking information, business hours, calendars, profile information, and email templates. | ||||
| CVE-2024-34826 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through <= 1.6.4. | ||||
| CVE-2025-66165 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through <= 1.1.7. | ||||
| CVE-2025-26960 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small Package Quotes – Unishippers Edition: from n/a through <= 2.4.9. | ||||
| CVE-2025-26961 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in FRESHFACE Fresh Framework fresh-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Fresh Framework: from n/a through <= 1.70.0. | ||||
| CVE-2024-35174 | 2 Flothemes, Wordpress | 2 Flo Forms, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42. | ||||
| CVE-2025-59005 | 2 Frenify, Wordpress | 2 Categorify, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Categorify: from n/a through <= 1.0.7.5. | ||||
| CVE-2024-35237 | 1 Zelnickb | 1 Mit Identibot | 2026-04-15 | 7.5 High |
| MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e impacts all users who have performed verification with an instance of MIT IdentiBot that meets the following conditions: The instance of IdentiBot is tied to a "public" Discord application—i.e., users other than the API access registrant can add it to servers; *and* the instance has not yet been patched. In affected versions, IdentiBot does not check that a server is authorized before allowing members to execute slash and user commands in that server. As a result, any user can join IdentiBot to their server and then use commands (e.g., `/kerbid`) to reveal the full name and other information about a Discord user who has verified their affiliation with MIT using IdentiBot. The latest version of MIT IdentiBot contains a patch for this vulnerability (implemented in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e). There is no way to prevent exploitation of the vulnerability without the patch. To prevent exploitation of the vulnerability, all vulnerable instances of IdentiBot should be taken offline until they have been updated. | ||||
| CVE-2023-37870 | 2026-04-15 | 8.1 High | ||
| Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.1.9. | ||||
| CVE-2024-6406 | 2026-04-15 | N/A | ||
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data.This issue affects Mobile Library Application: before 5.0. | ||||
| CVE-2025-12042 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in the csv-export.php file in all versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to directly access the file and obtain an export of all booking data. | ||||
| CVE-2024-3546 | 1 Webtoffee | 1 Backup And Migration | 2026-04-15 | 4.3 Medium |
| The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system. | ||||
| CVE-2025-12167 | 2 Rnzo, Wordpress | 2 Contact Form 7 Aweber Extension, Wordpress | 2026-04-15 | 4.3 Medium |
| The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_aweber_logreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the AWeber logs. | ||||
| CVE-2025-12174 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-04-15 | 6.5 Medium |
| The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directorist_prepare_listings_export_file' and 'directorist_type_slug_change' AJAX actions in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export listing details and change the directorist slug. | ||||
| CVE-2024-3555 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.2 High |
| The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to inject arbitrary pages and malicious web scripts. | ||||
| CVE-2025-12498 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2026-04-15 | 4.3 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add a note to the backend view of any booking. | ||||
| CVE-2024-35671 | 2 Minoji, Wordpress | 2 Mj Update History, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4. | ||||
| CVE-2024-35683 | 2 Teplitsa Of Social Technologies, Wordpress | 2 Leyka, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1. | ||||