Total
7711 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31530 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Smackcoders Inc., Google SEO Pressor Snippet google-seo-author-snippets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google SEO Pressor Snippet: from n/a through <= 2.0. | ||||
| CVE-2025-10753 | 2 Cyberlord92, Wordpress | 2 Oauth Single Sign On – Sso (oauth Client), Wordpress | 2026-04-15 | 5.3 Medium |
| The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and authentication verification on the OAuth redirect functionality accessible via the 'oauthredirect' option parameter. This makes it possible for unauthenticated attackers to set the global redirect URL option via the redirect_url parameter granted they can access the site directly. | ||||
| CVE-2025-3949 | 2026-04-15 | 4.3 Medium | ||
| The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in all versions up to, and including, 6.18.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the content of arbitrary landing page revisions. | ||||
| CVE-2024-55408 | 2026-04-15 | 5.3 Medium | ||
| An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied. | ||||
| CVE-2025-23991 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through <= 2.4.5. | ||||
| CVE-2025-22560 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in saoshyant1994 Saoshyant Page Builder saoshyant-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant Page Builder: from n/a through <= 3.8. | ||||
| CVE-2025-10749 | 2 10up, Wordpress | 2 Microsoft Azure Storage For Wordpress, Wordpress | 2026-04-15 | 5.4 Medium |
| The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated attackers with subscriber-level access and above to delete arbitrary media files from the WordPress Media Library via the replace_attachment parameter granted they can access the nonce which is exposed to all authenticated users. | ||||
| CVE-2025-30817 | 2 Wordpress, Wpzita | 2 Wordpress, Z Companion | 2026-04-15 | N/A |
| Missing Authorization vulnerability in wpzita Z Companion z-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Z Companion: from n/a through <= 1.0.13. | ||||
| CVE-2025-22543 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in beautifultemplates ST Gallery WP st-gallery-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through <= 1.0.8. | ||||
| CVE-2024-55991 | 2 Wordpress, Wp-crm | 2 Wordpress, Wp-crm System | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.2.9.1. | ||||
| CVE-2024-55993 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61. | ||||
| CVE-2024-55995 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Torod Company for Information Technology Torod torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through <= 1.7. | ||||
| CVE-2024-55996 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through <= 3.5.6. | ||||
| CVE-2024-56003 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1. | ||||
| CVE-2024-56006 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1. | ||||
| CVE-2025-50010 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Zapier Zapier for WordPress zapier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zapier for WordPress: from n/a through <= 1.5.2. | ||||
| CVE-2024-56007 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in leader codes Leader leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through <= 2.6.1. | ||||
| CVE-2024-56008 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through <= 1.0.4. | ||||
| CVE-2025-10732 | 2 Brainstormforce, Wordpress | 2 Sureforms, Wordpress | 2026-04-15 | 4.3 Medium |
| The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve sensitive information including API keys for Google reCAPTCHA, Cloudflare Turnstile, hCaptcha, admin email addresses, and security-related form settings. | ||||
| CVE-2025-5483 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled. | ||||