Total
7690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31118 | 2 Smartypantsplugins, Wordpress | 2 Sp Project & Document Manager, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70. | ||||
| CVE-2024-56003 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through <= 1.0.1. | ||||
| CVE-2025-12961 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wp_ajax_save_settings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the `dlpn_save_settings()` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to arbitrarily modify plugin settings including display text, download links, button colors, and other visual customizations. | ||||
| CVE-2024-22156 | 1 Snpdigital | 1 Salesking Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. | ||||
| CVE-2024-1050 | 2026-04-15 | 4.3 Medium | ||
| The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets. CVE-2024-34815 is a duplicate of this issue. | ||||
| CVE-2024-10486 | 1 Automattic | 1 Woocommerce | 2026-04-15 | 5.3 Medium |
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | ||||
| CVE-2025-31765 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in themeqx GDPR Cookie Notice gdpr-cookie-notice allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR Cookie Notice: from n/a through <= 1.2.0. | ||||
| CVE-2024-10437 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Smart Messages For Woocommerce | 2026-04-15 | 4.3 Medium |
| The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages. | ||||
| CVE-2025-67562 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through < 20.0. | ||||
| CVE-2024-33941 | 1 Ipanorama 360 Wordpress Virtual Tour Builder Project | 1 Ipanorama 360 Wordpress Virtual Tour Builder | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1. | ||||
| CVE-2024-11154 | 1 Kevinb | 1 Publishpress Revisions Duplicate Posts Submit Approve And Schedule Content Changes | 2026-04-15 | 4.3 Medium |
| The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including revisions of posts and pages. | ||||
| CVE-2025-66527 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in VanKarWai Lobo lobo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lobo: from n/a through <= 2.8.6. | ||||
| CVE-2024-55996 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in dreamfox Dreamfox Media Payment gateway per Product for Woocommerce woocommerce-product-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through <= 3.5.6. | ||||
| CVE-2025-3906 | 2026-04-15 | 8.8 High | ||
| The Integração entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin's registration flow to Administrator, which allows any user to create an Administrator account. | ||||
| CVE-2025-48155 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Residential Address Detection: from n/a through <= 2.5.9. | ||||
| CVE-2024-10786 | 2 10up, Wordpress | 2 Simple Local Avatars, Wordpress | 2026-04-15 | 4.3 Medium |
| The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches. | ||||
| CVE-2025-32201 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.8.4. | ||||
| CVE-2025-12527 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify notes. | ||||
| CVE-2025-62099 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through <= 1.8.6. | ||||
| CVE-2025-31810 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in PickPlugins Question Answer question-answer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Question Answer: from n/a through <= 1.2.73. | ||||