Total
7652 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3045 | 2 Croixhaug, Wordpress | 2 Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin, Wordpress | 2026-04-08 | 7.5 High |
| The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated users through the public `/wp-json/ssa/v1/embed-inner` REST endpoint, and (2) the `get_item()` method in `SSA_Settings_Api` relies on `nonce_permissions_check()` for authorization (which accepts the public nonce) but does not call `remove_unauthorized_settings_for_current_user()` to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the `/wp-json/ssa/v1/settings/{section}` endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments. | ||||
| CVE-2025-7040 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 8.2 High |
| The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters for organization settings and passes them directly to update_option() without any check of the user’s capabilities or a CSRF nonce. This makes it possible for unauthenticated attackers to change critical configuration (including toggling signing and encryption), potentially breaking the SSO flow and causing a denial-of-service. | ||||
| CVE-2025-12900 | 2 Ninjateam, Wordpress | 2 Filebird, Wordpress | 2026-04-08 | 4.3 Medium |
| The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author level access and above, to inject global folders and reassign arbitrary media attachments to those folders under certain circumstances. | ||||
| CVE-2020-36667 | 1 Jetbackup | 1 Jetbackup | 2026-04-08 | 5.4 Medium |
| The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them. | ||||
| CVE-2024-9223 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 4.3 Medium |
| The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view comments on any post, including private and password protected posts, and pending and draft posts if they were previously published. The vulnerability was partially patched in version 1.3.5. | ||||
| CVE-2024-13800 | 1 Convertplug | 1 Convertplus | 2026-04-08 | 8.1 High |
| The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | ||||
| CVE-2025-14045 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 4.3 Medium |
| The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files. | ||||
| CVE-2023-4645 | 1 Igorfuna | 1 Ad Inserter | 2026-04-08 | 5.3 Medium |
| The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled. | ||||
| CVE-2025-6721 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 5.3 Medium |
| The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrary orders. | ||||
| CVE-2023-2494 | 1 Granthweb | 1 Go Pricing | 2026-04-08 | 4.6 Medium |
| The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege. | ||||
| CVE-2024-13229 | 1 Rankmath | 1 Seo | 2026-04-08 | 4.3 Medium |
| The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post. | ||||
| CVE-2025-13136 | 2 Westerndeal, Wordpress | 2 Gsheetconnector For Ninja Forms, Wordpress | 2026-04-08 | 4.3 Medium |
| The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve information about the system. | ||||
| CVE-2024-12027 | 2 Kofimokome, Wordpress | 2 Message Filter For Contact Form 7, Wordpress | 2026-04-08 | 4.3 Medium |
| The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters. | ||||
| CVE-2024-0828 | 1 Hammadh | 1 Play.ht | 2026-04-08 | 5.4 Medium |
| The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio. | ||||
| CVE-2023-3124 | 1 Elementor | 1 Elementor Pro | 2026-04-08 | 8.8 High |
| The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. | ||||
| CVE-2023-1928 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2026-04-08 | 4.3 Medium |
| The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation. | ||||
| CVE-2024-5677 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 4.3 Medium |
| The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery. | ||||
| CVE-2026-0635 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 4.3 Medium |
| The Responsive Accordion Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resp_accordion_silder_save_images' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify any slider's image metadata including titles, descriptions, alt text, and links. | ||||
| CVE-2025-14043 | 2 Tainacan, Wordpress | 2 Tainacan, Wordpress | 2026-04-08 | 5.3 Medium |
| The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the `create_item_permissions_check()` function unconditionally returning true, which bypasses authentication and authorization validation. This makes it possible for unauthenticated attackers to create arbitrary metadata sections for any collection via the public REST API granted they can access the WordPress site. | ||||
| CVE-2025-9294 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-04-08 | 4.3 Medium |
| The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results. | ||||