Total
7724 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41132 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Category Slider for WooCommerce: from n/a through 1.4.15. | ||||
| CVE-2025-67566 | 2 Wofficeio, Wordpress | 2 Woffice Core, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30. | ||||
| CVE-2025-67570 | 2 Westerndeal, Wordpress | 2 Wpforms Google Sheet Connector, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0. | ||||
| CVE-2025-67572 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4. | ||||
| CVE-2025-67577 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20. | ||||
| CVE-2024-1637 | 2026-04-15 | 4.3 Medium | ||
| The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with subscriber access or higher, to update plugin settings. | ||||
| CVE-2024-1994 | 2026-04-15 | 4.3 Medium | ||
| The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to apply and remove watermarks from images. | ||||
| CVE-2024-2033 | 2026-04-15 | 4.3 Medium | ||
| The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the get_assign_host_id AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate usernames, emails and IDs of all users on a site. | ||||
| CVE-2023-23975 | 1 Fullworksplugins | 1 Quick Event Manager | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Event Manager: from n/a through 9.7.4. | ||||
| CVE-2023-23986 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in Noah Hearle, Design Extreme Reviews and Rating – Google My Business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reviews and Rating – Google My Business: from n/a through 4.14. | ||||
| CVE-2025-14065 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'simpbire_carica_prenotazioni' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve all booking records containing customers' personally identifiable information (PII), including names, email addresses, and phone numbers. | ||||
| CVE-2023-47224 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0. | ||||
| CVE-2025-42915 | 1 Sap | 1 Fiori | 2026-04-15 | 5.4 Medium |
| Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability. | ||||
| CVE-2024-12712 | 2026-04-15 | 5.3 Medium | ||
| The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses. | ||||
| CVE-2025-49880 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms: from n/a through <= 1.1.5. | ||||
| CVE-2024-47581 | 2026-04-15 | 4.3 Medium | ||
| SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted. | ||||
| CVE-2025-49884 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents internal-linking-of-related-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Internal Linking of Related Contents: from n/a through <= 1.1.8. | ||||
| CVE-2023-4730 | 1 Binhnguyenplus | 1 Ladiapp | 2026-04-15 | 5.3 Medium |
| The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts. | ||||
| CVE-2024-52485 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image wp-menu-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through <= 2.2. | ||||
| CVE-2025-49949 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.5 Medium |
| Missing Authorization vulnerability in templazee Templazee templazee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templazee: from n/a through <= 1.0.2. | ||||