Total
5342 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56243 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in JS Morisset WPSSO Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSSO Core: from n/a through 18.18.1. | ||||
| CVE-2025-48262 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Michael Revellin-Clerc Url Rewrite Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Url Rewrite Analyzer: from n/a through 1.3.3. | ||||
| CVE-2023-27449 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.3 Medium |
| Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6. | ||||
| CVE-2024-54402 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through 1.4.6. | ||||
| CVE-2024-10533 | 2 Ninjateam, Wordpress | 2 Wp Chat App, Wordpress | 2025-07-12 | 4.3 Medium |
| The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the filebird plugin. | ||||
| CVE-2024-56211 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9. | ||||
| CVE-2024-10092 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2025-07-12 | 4.3 Medium |
| The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones. | ||||
| CVE-2024-32148 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0. | ||||
| CVE-2023-26002 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5. | ||||
| CVE-2025-30934 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16. | ||||
| CVE-2025-32221 | 2 Spider-themes, Wordpress | 2 Eazydocs, Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Spider Themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.6.4. | ||||
| CVE-2025-32232 | 2 Era404, Wordpress | 2 Stafflist, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6. | ||||
| CVE-2025-32542 | 2 Eazyplugins, Wordpress | 2 Eazy Plugin Manager, Wordpress | 2025-07-12 | 8.8 High |
| Missing Authorization vulnerability in EazyPlugins Eazy Plugin Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eazy Plugin Manager: from n/a through 4.3.0. | ||||
| CVE-2025-3063 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-42989 | 1 Sap | 1 Netweaver Application Server For Abap | 2025-07-12 | 9.6 Critical |
| RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application. | ||||
| CVE-2025-24763 | 2 Bbpress, Wordpress | 2 Bbpress, Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14. | ||||
| CVE-2025-42961 | 1 Sap | 1 Netweaver Application Server For Abap | 2025-07-12 | 4.9 Medium |
| Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected. | ||||
| CVE-2024-54251 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Prodigy Commerce Prodigy Commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through 3.0.9. | ||||
| CVE-2025-26961 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.6 High |
| Missing Authorization vulnerability in NotFound Fresh Framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through 1.70.0. | ||||
| CVE-2025-31376 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0. | ||||