Export limit exceeded: 12076 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11659 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11659 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-4351 1 Themeum 1 Tutor Lms 2026-04-08 8.8 High
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.
CVE-2024-4222 1 Themeum 1 Tutor Lms 2026-04-08 7.3 High
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
CVE-2024-3942 1 Stylemixthemes 1 Masterstudy Lms 2026-04-08 6.3 Medium
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.
CVE-2024-3895 1 Androidbubbles 1 Wp Datepicker 2026-04-08 8.8 High
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options that can be used for privilege escalation. This was partially patched in 2.0.9 and 2.1.0, and fully patched in 2.1.1.
CVE-2024-3869 1 Cusrev 1 Customer Reviews For Woocommerce 2026-04-08 4.3 Medium
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.
CVE-2024-3610 1 Wensolutions 1 Wp Child Theme Generator 2026-04-08 5.3 Medium
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it cause the site to whitescreen.
CVE-2024-3599 1 Wpeka 1 Wp Cookie Consent 2026-04-08 5.3 Medium
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.
CVE-2024-3243 2 Cusrev, Ivole 2 Customer Reviews For Woocommerce, Customer Reviews For Woocommerce 2026-04-08 4.3 Medium
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails.
CVE-2024-3097 1 Imagely 1 Nextgen Gallery 2026-04-08 5.3 Medium
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.
CVE-2024-2538 1 Permalink Manager Lite Project 1 Permalink Manager Lite 2026-04-08 5.4 Medium
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.
CVE-2024-2395 2 Autopolis, Autopolisbs 2 Bulgarisation For Woocommerce, Bulgarisation For Woocommerce 2026-04-08 7.3 High
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-2298 1 Servit 1 Affiliate-toolkit 2026-04-08 4.3 Medium
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating importing products.
CVE-2024-2107 1 Blossomthemes 1 Blossom Spa 2026-04-08 5.8 Medium
The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts.
CVE-2024-2043 1 Theinnovs 1 Eleforms 2026-04-08 5.3 Medium
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated attackers to view form submissions.
CVE-2024-1991 1 Metagauss 1 Registrationmagic 2026-04-08 8.8 High
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator
CVE-2024-1982 1 Wpvivid 1 Migration\, Backup\, Staging 2026-04-08 6.5 Medium
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.
CVE-2024-1934 1 Wpcompress 2 Image Optimizer, Wp Compress 2026-04-08 7.5 High
The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wps_local_compress::__construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset the CDN region and set a malicious URL to deliver images.
CVE-2024-1862 1 Renventura 1 Woocommerce Add To Cart Custom Redirect 2026-04-08 8.1 High
The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'.
CVE-2024-1860 2 Billminozzi, Sminozzi 2 Anti Hacker, Disable Json Api Login Lockdown Xml Rpc Pingback Stop User Enumeration Anit Hacker Scan 2026-04-08 6.5 Medium
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection
CVE-2024-1809 1 Analytify 1 Analytify - Google Analytics Dashboard 2026-04-08 5.4 Medium
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.