Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13412 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions. | ||||
| CVE-2024-43208 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Miller Media ( Matt Miller ) Send Emails with Mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through 1.4.1. | ||||
| CVE-2023-23985 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 3.7 Low |
| Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. | ||||
| CVE-2024-12711 | 2 Wordpress, Wpchill | 2 Wordpress, Rsvp And Event Management | 2025-07-12 | 5.3 Medium |
| The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders. | ||||
| CVE-2024-34803 | 1 Fastly | 1 Fastly | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | ||||
| CVE-2023-23725 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46. | ||||
| CVE-2023-28417 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12. | ||||
| CVE-2023-47693 | 2 Themefic, Wordpress | 2 Ultimate Addons For Contact Form 7, Wordpress | 2025-07-12 | 7.5 High |
| Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.6. | ||||
| CVE-2023-47523 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Ecreate Infotech Auto Tag Creator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Tag Creator: from n/a through 1.0.2. | ||||
| CVE-2024-33925 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0. | ||||
| CVE-2024-37929 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.3 Medium |
| Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4. | ||||
| CVE-2024-43157 | 2 Ncrafts, Wordpress | 2 Formcraft, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10. | ||||
| CVE-2023-47692 | 2 Flothemes, Wordpress | 2 Flo Forms, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Flothemes Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through 1.0.41. | ||||
| CVE-2025-32224 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in shivammani Privyr CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Privyr CRM: from n/a through 1.0.1. | ||||
| CVE-2023-44142 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Inactive Logout Inactive Logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through 3.2.2. | ||||
| CVE-2024-37254 | 2 Mndpsingh287, Wordpress | 2 File Manager, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7. | ||||
| CVE-2025-31065 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4. | ||||
| CVE-2023-23988 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11. | ||||
| CVE-2024-10399 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2025-07-12 | 4.3 Medium |
| The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users. | ||||
| CVE-2025-31533 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3. | ||||