Total
7711 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69349 | 2 Fahadmahmood, Wordpress | 2 Rss Feed Widget, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2. | ||||
| CVE-2024-35663 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0. | ||||
| CVE-2024-33596 | 1 Fivestarplugins | 1 Five Star Restaurant Reservations | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16. | ||||
| CVE-2025-69363 | 2 Cyberchimps, Wordpress | 2 Responsive Addons For Elementor, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8. | ||||
| CVE-2025-66525 | 2 Elasticemail, Wordpress | 2 Elastic Email Sender, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through <= 1.2.20. | ||||
| CVE-2025-66526 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.34. | ||||
| CVE-2025-66528 | 2 Villatheme, Wordpress | 2 Thank You Page Customizer For Woocommerce, Wordpress | 2026-04-15 | 8.1 High |
| Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <= 1.1.8. | ||||
| CVE-2024-35665 | 1 Namithjawahar | 1 Insert Post Ads | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2. | ||||
| CVE-2025-66534 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Aisle: from n/a through <= 2.9. | ||||
| CVE-2023-32506 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.6.3. | ||||
| CVE-2023-32519 | 1 Webcodin | 1 Wcp Contact Form | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0. | ||||
| CVE-2025-6813 | 2026-04-15 | 8.8 High | ||
| The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges. | ||||
| CVE-2024-33635 | 1 Piotnet | 1 Piotnet Addons For Elementor | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | ||||
| CVE-2023-32581 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7. | ||||
| CVE-2023-32585 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: from n/a through 1.4.6. | ||||
| CVE-2023-32586 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1. | ||||
| CVE-2023-32601 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | ||||
| CVE-2023-34009 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1. | ||||
| CVE-2024-24850 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | ||||
| CVE-2025-26656 | 2026-04-15 | 4.3 Medium | ||
| OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application. | ||||