Total
7715 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3417 | 2026-04-15 | 8.8 High | ||
| The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-58980 | 2 Myrecorp, Wordpress | 2 Export Wp Page To Static Html/css, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through <= 4.1.0. | ||||
| CVE-2025-31609 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2. | ||||
| CVE-2025-59011 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through < 3.2.3. | ||||
| CVE-2024-2797 | 2026-04-15 | 5.3 Medium | ||
| The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower level users to modify forms. | ||||
| CVE-2025-32259 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Alimir WP ULike wp-ulike.This issue affects WP ULike: from n/a through <= 4.7.9.1. | ||||
| CVE-2023-23887 | 1 Ibenic | 1 Simple Giveaways | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0. | ||||
| CVE-2023-25988 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery – YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery – YouTube Gallery: from n/a through 1.7.6. | ||||
| CVE-2026-24967 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38. | ||||
| CVE-2025-32244 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in QuantumCloud SEO Help seo-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Help: from n/a through <= 6.7.9. | ||||
| CVE-2025-32240 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in wpvsingh Site Notify site-notify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Notify: from n/a through <= 1.0. | ||||
| CVE-2024-3287 | 1 Wpmudev | 1 Smartcrawl | 2026-04-15 | 5.3 Medium |
| The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types. | ||||
| CVE-2026-24965 | 3 Contest-gallery, Contest Gallery, Wordpress | 3 Contest Gallery, Contest Gallery, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contest Gallery: from n/a through <= 28.1.1. | ||||
| CVE-2025-59416 | 1 Scratch Channel Project | 1 Scratch Channel | 2026-04-15 | N/A |
| The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2. | ||||
| CVE-2025-49971 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Responsive Menu: from n/a through <= 1.2. | ||||
| CVE-2025-66058 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17. | ||||
| CVE-2025-66068 | 2 Instawp, Wordpress | 2 Instawp Connect, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9. | ||||
| CVE-2025-59551 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.6. | ||||
| CVE-2025-49970 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/a through <= 1.0.6. | ||||
| CVE-2024-0138 | 1 Nvidia | 1 Base Command Manager | 2026-04-15 | 9.8 Critical |
| NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||