Total
852 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5311 | 2026-04-02 | 5.3 Medium | ||
| A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function Webdav_Access_List of the file /cgi-bin/file_center.cgi. Performing a manipulation of the argument cmd results in improper access controls. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2025-68869 | 2 Lazycoders, Wordpress | 2 Lazytasks, Wordpress | 2026-04-02 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37. | ||||
| CVE-2026-32916 | 1 Openclaw | 1 Openclaw | 2026-04-02 | 9.4 Critical |
| OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent methods to perform privileged gateway actions including session deletion and agent execution. | ||||
| CVE-2026-5312 | 2026-04-02 | 5.3 Medium | ||
| A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability is the function FMT_restart/Status_HDInfo/SMART_List/ScanDisk_info/ScanDisk/volume_status/Get_Volume_Mapping/FMT_check_disk_remount_state/FMT_rebuildinfo/FMT_result_list/FMT_result_list_phy/FMT_get_dminfo/FMT_manually_rebuild_info/Get_current_raidtype of the file /cgi-bin/dsk_mgr.cgi. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-23550 | 2 Modular, Wordpress | 2 Modular, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. | ||||
| CVE-2025-58841 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation.This issue affects Media Author: from n/a through <= 1.0.4. | ||||
| CVE-2025-54735 | 2 Cubewp, Wordpress | 2 Cubewp, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation.This issue affects CubeWP: from n/a through <= 1.1.24. | ||||
| CVE-2025-54697 | 2 Kadencewp, Wordpress | 2 Kadence Woocommerce Email Designer, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation.This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. | ||||
| CVE-2025-54049 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2. | ||||
| CVE-2025-53580 | 2026-04-01 | N/A | ||
| Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. | ||||
| CVE-2025-52836 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. | ||||
| CVE-2025-52726 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0. | ||||
| CVE-2025-49867 | 2 Inspirythemes, Wordpress | 2 Realhomes, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0. | ||||
| CVE-2025-49422 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9. | ||||
| CVE-2025-49401 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. | ||||
| CVE-2025-49388 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. | ||||
| CVE-2025-48348 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline site-offline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Offline: from n/a through <= 1.5.7. | ||||
| CVE-2025-48165 | 2 Delucks, Wordpress | 2 Delucks Seo, Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0. | ||||
| CVE-2025-48164 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3. | ||||
| CVE-2025-48142 | 1 Wordpress | 1 Wordpress | 2026-04-01 | N/A |
| Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9. | ||||