Total
7709 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66149 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through <= 3.1.3. | ||||
| CVE-2025-60166 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in wpshuffle WP Subscription Forms PRO wp-subscription-forms-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms PRO: from n/a through <= 2.0.5. | ||||
| CVE-2025-66150 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through <= 1.1.1. | ||||
| CVE-2025-66151 | 2 Merkulove, Wordpress | 2 Countdowner For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through <= 1.0.4. | ||||
| CVE-2025-42987 | 2026-04-15 | 4.3 Medium | ||
| SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application. | ||||
| CVE-2025-66153 | 2 Merkulove, Wordpress | 2 Headinger For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through <= 1.1.4. | ||||
| CVE-2025-66155 | 2 Merkulove, Wordpress | 2 Questionar For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Questionar for Elementor questionar-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through <= 1.1.7. | ||||
| CVE-2025-66156 | 2 Merkulove, Wordpress | 2 Watcher For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Watcher for Elementor watcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through <= 1.0.9. | ||||
| CVE-2025-66157 | 2 Merkulove, Wordpress | 2 Slider For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Sliper for Elementor sliper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliper for Elementor: from n/a through <= 1.0.10. | ||||
| CVE-2025-66158 | 2 Merkulove, Wordpress | 2 Gmaper For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Gmaper for Elementor gmaper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through <= 1.0.9. | ||||
| CVE-2025-66159 | 2 Merkulove, Wordpress | 2 Walker For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through <= 1.1.6. | ||||
| CVE-2025-31603 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2. | ||||
| CVE-2025-31377 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels woocommerce-to-google-merchant-center allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Product Feed For Marketing Channels: from n/a through <= 1.9.0. | ||||
| CVE-2025-66160 | 2 Merkulove, Wordpress | 2 Select Graphist For Elementor, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor graphist-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor Graphist for Elementor: from n/a through <= 1.2.10. | ||||
| CVE-2025-66164 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through <= 1.1.1. | ||||
| CVE-2025-23188 | 2026-04-15 | 4.3 Medium | ||
| An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability. | ||||
| CVE-2025-69349 | 2 Fahadmahmood, Wordpress | 2 Rss Feed Widget, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2. | ||||
| CVE-2025-6043 | 2026-04-15 | 8.1 High | ||
| The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 17.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site. | ||||
| CVE-2024-35663 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0. | ||||
| CVE-2025-31555 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in ContentMX ContentMX Content Publisher contentmx-content-publisher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ContentMX Content Publisher: from n/a through <= 1.0.6. | ||||