Export limit exceeded: 363758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11655 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-69187 2 E-plugins, Wordpress 2 Final User, Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2024-11355 2026-04-15 4.3 Medium
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view settings for playlists.
CVE-2024-1137 2026-04-15 4.3 Medium
The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.
CVE-2025-69193 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2024-12028 1 Alex Kirk 1 Friends 2026-04-15 5.3 Medium
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend.
CVE-2024-12155 1 Straightvisions 1 Sv100 Companion 2026-04-15 9.8 Critical
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. CVE-2024-54229 may be a duplicate of this issue.
CVE-2024-12265 2026-04-15 5.3 Medium
The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17. This makes it possible for unauthenticated attackers to retrieve debug infromation.
CVE-2024-31695 1 Binance 3 Btc, Crypto, Nfts 2026-04-15 9.8 Critical
A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint.
CVE-2024-13767 1 Wordpress 1 Wordpress 2026-04-15 8.1 High
The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVE-2024-13810 2026-04-15 4.3 Medium
The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo content and overwrite the site.
CVE-2024-13947 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 6 Medium
Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-1717 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of registered user emails.
CVE-2024-1984 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.
CVE-2024-3233 2026-04-15 4.3 Medium
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index creation.
CVE-2024-2109 2 Themeinwp, Wordpress 2 Booster Extension, Wordpress 2026-04-15 5.3 Medium
The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user emails
CVE-2023-3352 2026-04-15 4.3 Medium
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library.
CVE-2024-43122 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9.
CVE-2023-48280 2026-04-15 7.5 High
Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1.
CVE-2023-48683 1 Acronis 1 Cyber Protect Cloud Agent 2026-04-15 N/A
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
CVE-2024-27911 1 Lenovo 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more 2026-04-15 7.5 High
A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password.