Total
5262 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49687 | 2 Storeapps, Wordpress | 2 Smart Manager, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in StoreApps Smart Manager.This issue affects Smart Manager: from n/a through 8.45.0. | ||||
| CVE-2024-56067 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3. | ||||
| CVE-2025-31831 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Team AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AtomChat: from n/a through 1.1.6. | ||||
| CVE-2023-46610 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in quillforms.com Quill Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quill Forms: from n/a through 3.3.0. | ||||
| CVE-2024-50052 | 1 Mattermost | 1 Mattermost | 2025-07-12 | 4.3 Medium |
| Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post. | ||||
| CVE-2023-47689 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Toast Plugins Animator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animator: from n/a through 3.0.10. | ||||
| CVE-2023-46605 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Ruslan Suhar Convertful – Your Ultimate On-Site Conversion Tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Convertful – Your Ultimate On-Site Conversion Tool: from n/a through 2.5. | ||||
| CVE-2025-24737 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Helper Premium: from n/a through 4.6.1. | ||||
| CVE-2025-28997 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | ||||
| CVE-2024-51666 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Automattic Tours.This issue affects Tours: from n/a through 1.0.0. | ||||
| CVE-2024-33908 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0. | ||||
| CVE-2023-25486 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. | ||||
| CVE-2024-25912 | 2 Skymoonlabs, Wordpress | 2 Moveto, Wordpress | 2025-07-12 | 9.8 Critical |
| Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | ||||
| CVE-2024-9187 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. | ||||
| CVE-2023-29433 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in 腾讯云 tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects tencentcloud-cos: from n/a through 1.0.7. | ||||
| CVE-2024-11443 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2023-47762 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Betterdocs | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2. | ||||
| CVE-2025-31887 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8. | ||||
| CVE-2024-12594 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login – Limit Login Attempts – Locked Site plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'lps_generate_temp_access_url' AJAX action in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to login as other users such as subscribers. | ||||
| CVE-2025-27270 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Missing Authorization vulnerability in NotFound Residential Address Detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through 2.5.4. | ||||