Total
5346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43268 | 2 Wordpress, Wpbackitup | 2 Wordpress, Backup And Restore Wordpress | 2025-07-12 | 5.4 Medium |
| Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||
| CVE-2025-32212 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Specia Theme Specia Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specia Companion: from n/a through 4.6. | ||||
| CVE-2025-31541 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in turitop TuriTop Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TuriTop Booking System: from n/a through 1.0.10. | ||||
| CVE-2023-25959 | 2 Apollo13themes, Wordpress | 2 Apollo13 Framework Extensions, Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10. | ||||
| CVE-2025-24692 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3. | ||||
| CVE-2023-28165 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28. | ||||
| CVE-2025-26942 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Missing Authorization vulnerability in NotFound JetTricks allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetTricks: from n/a through 1.5.1. | ||||
| CVE-2025-32277 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211. | ||||
| CVE-2025-24682 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9. | ||||
| CVE-2023-28416 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5. | ||||
| CVE-2023-39995 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7. | ||||
| CVE-2024-38695 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6. | ||||
| CVE-2023-27625 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0. | ||||
| CVE-2024-13767 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.1 High |
| The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2023-46612 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through 1.6. | ||||
| CVE-2024-56048 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9. | ||||
| CVE-2024-37096 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Popup Box Team Popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup box: from n/a through 4.5.1. | ||||
| CVE-2025-30821 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through 0.4.14. | ||||
| CVE-2024-9223 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view comments on any post, including private and password protected posts, and pending and draft posts if they were previously published. The vulnerability was partially patched in version 1.3.5. | ||||
| CVE-2024-12027 | 2 Kofimokome, Wordpress | 2 Message Filter For Contact Form 7, Wordpress | 2025-07-12 | 4.3 Medium |
| The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters. | ||||