Export limit exceeded: 365623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11788 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11788 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3722 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve and modify settings.
CVE-2024-37207 2 Theme4press, Wordpress 2 Demo Awesome, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.
CVE-2023-40679 2 Jeweltheme, Wordpress 2 Master Addons For Elementor, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
CVE-2025-68086 2 Merkulove, Wordpress 2 Reformer For Elementor, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reformer for Elementor: from n/a through <= 1.0.6.
CVE-2024-10536 2026-04-15 4.3 Medium
The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes.
CVE-2024-10527 2 Clevelandwebdeveloper, Wordpress 2 Spacer, Wordpress 2026-04-15 3.1 Low
The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.
CVE-2024-10629 1 Devfarm 1 Wp Gpx Maps 2026-04-15 8.8 High
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2025-67540 3 Elementor, Wealcoder, Wordpress 3 Elementor, Animation Addons For Elementor, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5.
CVE-2025-69191 1 Wordpress 1 Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.
CVE-2019-25237 2026-04-15 9.8 Critical
V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a crafted HTTP POST request to the user management endpoint with 'user_role_mod' set to integer value '1' to elevate their privileges.
CVE-2025-69091 2 Kraftplugins, Wordpress 2 Demo Importer Plus, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a through <= 2.0.8.
CVE-2024-3664 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with contributor-level access and above, to delete thumbnails and add thumbnails to posts they did not author.
CVE-2025-27435 2026-04-15 4.2 Medium
Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application.
CVE-2024-33000 2026-04-15 3.5 Low
SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the system.
CVE-2025-27437 2026-04-15 4.3 Medium
A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability.
CVE-2024-3663 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_scraper_multi_scrape_action() function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts.
CVE-2025-12817 1 Postgresql 1 Postgresql 2026-04-15 3.1 Low
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2024-3662 2026-04-15 4.3 Medium
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site.
CVE-2023-47783 2026-04-15 8.3 High
Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0.
CVE-2025-2201 2026-04-15 N/A
Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more.