Total
7711 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1350 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | ||||
| CVE-2024-6465 | 2026-04-15 | 4.3 Medium | ||
| The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to regenerate the link's thumbnail image. | ||||
| CVE-2025-49459 | 3 Arm, Microsoft, Zoom | 5 Arm, Windows, Workplace and 2 more | 2026-04-15 | 7.8 High |
| Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2024-13637 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins.. | ||||
| CVE-2024-13643 | 2 Mvpthemes, Wordpress | 2 Zox News, Wordpress | 2026-04-15 | 8.8 High |
| The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and reset_options() functions in all versions up to and including 3.17.0. This vulnerability allows authenticated attackers with Subscriber-level access and above to update and delete arbitrary option values on the WordPress site. Attackers can exploit this issue to update the default user role for registration to Administrator and enable user registration, thereby gaining administrative access to the vulnerable site. Additionally, they could delete critical options, causing errors that may disrupt the site's functionality and deny service to legitimate users. | ||||
| CVE-2025-62740 | 2 Mario Peshev, Wordpress | 2 Wp-crm-system, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.6. | ||||
| CVE-2025-46823 | 2026-04-15 | N/A | ||
| openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch. | ||||
| CVE-2025-57991 | 2 Clariti, Wordpress | 2 Clariti, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Clariti Clariti clariti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clariti: from n/a through <= 1.2.1. | ||||
| CVE-2025-46811 | 1 Suse | 1 Manager | 2026-04-15 | 9.8 Critical |
| A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2. | ||||
| CVE-2024-1371 | 1 Wordpress | 2 Leadconnector, Wordpress | 2026-04-15 | 6.5 Medium |
| The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts. CVE-2024-34378 is likely a duplicate of this issue. | ||||
| CVE-2024-13717 | 2 Vcita, Wordpress | 2 Contact Form And Calls To Action By Vcita, Wordpress | 2026-04-15 | 4.3 Medium |
| The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to enabled and disable widgets. | ||||
| CVE-2024-32148 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0. | ||||
| CVE-2023-30486 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0. | ||||
| CVE-2024-13767 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-14358 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5. | ||||
| CVE-2024-13801 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | ||||
| CVE-2024-13810 | 2026-04-15 | 4.3 Medium | ||
| The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo content and overwrite the site. | ||||
| CVE-2025-49396 | 2 Themify, Wordpress | 2 Themify Builder, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in themifyme Themify Builder themify-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themify Builder: from n/a through <= 7.6.7. | ||||
| CVE-2025-49377 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9. | ||||
| CVE-2025-49376 | 2 Delucks, Wordpress | 2 Delucks Seo, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9. | ||||