Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10852 | 2026-04-15 | 4.3 Medium | ||
| The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export plugin settings. | ||||
| CVE-2026-24616 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.5. | ||||
| CVE-2025-67917 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6. | ||||
| CVE-2024-10588 | 2 Eugenbobrowski, Wordpress | 2 Debug Tool, Wordpress | 2026-04-15 | 4.3 Medium |
| The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. | ||||
| CVE-2024-2882 | 2026-04-15 | N/A | ||
| SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system. | ||||
| CVE-2026-24951 | 2 Saadiqbal, Wordpress | 2 Mycred, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3. | ||||
| CVE-2026-24965 | 3 Contest-gallery, Contest Gallery, Wordpress | 3 Contest Gallery, Contest Gallery, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contest Gallery: from n/a through <= 28.1.1. | ||||
| CVE-2026-24967 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38. | ||||
| CVE-2024-10527 | 2 Clevelandwebdeveloper, Wordpress | 2 Spacer, Wordpress | 2026-04-15 | 3.1 Low |
| The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. | ||||
| CVE-2026-25020 | 2 Wordpress, Wp Connect | 2 Wordpress, Wp Sync For Notion | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0. | ||||
| CVE-2024-10390 | 2026-04-15 | 6.4 Medium | ||
| The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-25021 | 2 Mizan Themes, Wordpress | 2 Mizan Demo Importer, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mizan Demo Importer: from n/a through <= 0.1.3. | ||||
| CVE-2024-12711 | 2 Wordpress, Wpchill | 2 Wordpress, Rsvp And Event Management | 2026-04-15 | 5.3 Medium |
| The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders. | ||||
| CVE-2024-12327 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | ||||
| CVE-2023-38383 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1. | ||||
| CVE-2026-1640 | 2 Taskbuilder, Wordpress | 2 Taskbuilder – Wordpress Project Management & Task Management,kanban View, Wordpress | 2026-04-15 | 4.3 Medium |
| The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions (AJAX actions: wppm_submit_proj_comment and wppm_submit_task_comment). This makes it possible for authenticated attackers, with subscriber-level access and above, to create comments on any project or task (including private projects they cannot view or are not assigned to), and inject arbitrary HTML and CSS via the insufficiently sanitized comment_body parameter. | ||||
| CVE-2025-67993 | 2 Vito Peleg, Wordpress | 2 Atarim, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1. | ||||
| CVE-2025-58029 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets classic-widgets-with-block-based-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Classic Widgets with Block-based Widgets: from n/a through <= 1.0.1. | ||||
| CVE-2025-67994 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yaycurrency | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. | ||||
| CVE-2025-68000 | 2 Pickplugins, Wordpress | 2 Testimonial Slider, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||||