CWE-639 CVEs and Security Vulnerabilities

Filtered by CWE-639

Search

Switch to Advanced Search (Beta)

Total 1499 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68071	2 G5theme, Wordpress	2 Essential Real Estate, Wordpress	2026-04-01	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.9.
CVE-2025-66132	1 Wordpress	1 Wordpress	2026-04-01	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAPI Member: from n/a through <= 2.2.29.
CVE-2025-49952	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-04-01	6.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.2.5.
CVE-2026-3321	1 On24	2 On24 Q&a Chat, On24 Q A Chat	2026-04-01	N/A
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may include IDs, private URLs, private messages, internal references, or other sensitive information that should only be exposed to authenticated users. In addition, the leaked content could be exploited to facilitate other malicious activities, such as reconnaissance for lateral movement, exploitation of related systems, or unauthorised access to internal applications referenced in the content of chat messages.
CVE-2026-4400	1 1millionbot	1 Millie Chat	2026-04-01	N/A
Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, could allow a remote attacker to access other users private chatbot conversations, revealing sensitive or confidential data without requiring credentials or impersonating users. In order for the vulnerability to be exploited, the attacker must have the user's conversation ID.
CVE-2026-25324	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2026-04-01	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
CVE-2026-25005	2 N-media, Wordpress	2 Frontend File Manager, Wordpress	2026-04-01	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.5.
CVE-2026-24991	1 Wordpress	1 Wordpress	2026-04-01	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through <= 3.4.0.
CVE-2026-24950	2 Themeplugs, Wordpress	2 Authorsy, Wordpress	2026-04-01	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through <= 1.0.6.
CVE-2026-24634	2 Rustaurius, Wordpress	2 Ultimate Reviews, Wordpress	2026-04-01	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16.
CVE-2026-24631	2 Mikado-themes, Wordpress	2 Rosebud, Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through <= 1.4.
CVE-2026-24599	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2026-04-01	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
CVE-2026-24379	2 Wordpress, Wpjobportal	2 Wordpress, Wp Job Portal	2026-04-01	9.1 Critical
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.
CVE-2026-22430	2 Mikado-themes, Wordpress	2 Verdure, Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6.
CVE-2026-22426	1 Wordpress	1 Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2026-22411	2 Mikado-themes, Wordpress	2 Dolcino, Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6.
CVE-2026-22409	2 Mikado-themes, Wordpress	2 Justicia, Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.
CVE-2026-22407	2 Mikado-themes, Wordpress	2 Roam, Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
CVE-2026-22406	2 Mikado-themes, Wordpress	2 Overton, Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.
CVE-2026-22404	2 Mikado-themes, Wordpress	2 Innovio, Wordpress	2026-04-01	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.

« first previous Page 14 of 75. next last »