Export limit exceeded: 364200 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11713 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-0629 2026-04-15 5.3 Medium
The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid.
CVE-2024-35685 1 Anders Noren 1 Radcliffe 2 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17.
CVE-2025-68947 1 Nsecsoft 1 Nscknl 2026-04-15 4.7 Medium
NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.
CVE-2022-45070 2026-04-15 5.3 Medium
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.
CVE-2024-10486 1 Automattic 1 Woocommerce 2026-04-15 5.3 Medium
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.
CVE-2024-11423 2026-04-15 7.5 High
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.
CVE-2024-10673 1 Themehunk 1 Top Store 2026-04-15 8.8 High
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
CVE-2024-12712 2026-04-15 5.3 Medium
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.
CVE-2024-8431 2026-04-15 4.3 Medium
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles.
CVE-2024-38695 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6.
CVE-2024-32805 1 Social Snap 1 Social Snap 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5.
CVE-2025-10648 2 Cyberlord92, Wordpress 2 Yourmembership Single Sign On, Wordpress 2026-04-15 5.3 Medium
The YourMembership Single Sign On – YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_display_test_attributes' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to read the profile data of the latest SSO login.
CVE-2024-0900 1 Wordpress 1 Elespare 2026-04-15 4.3 Medium
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts.
CVE-2024-0908 2 Abuhayat, Wordpress 2 Advanced Post Block, Wordpress 2026-04-15 5.3 Medium
The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected.
CVE-2025-23188 2026-04-15 4.3 Medium
An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability.
CVE-2019-25351 1 Centova Technologies Inc. 1 Centova Cast 2026-04-15 8.8 High
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
CVE-2024-35665 1 Namithjawahar 1 Insert Post Ads 2026-04-15 5.3 Medium
Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2.
CVE-2025-5117 2026-04-15 8.8 High
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form.
CVE-2025-7689 2 Themefic, Wordpress 2 Hydra Booking, Wordpress 2026-04-15 8.8 High
The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to 1.1.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the password of an Administrator user, achieving full privilege escalation.
CVE-2024-12204 2026-04-15 5.4 Medium
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses.