Total
5351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31417 | 2 Fahad Mahmood, Wordpress | 2 Wp Docs, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a. | ||||
| CVE-2025-31732 | 1 Gb-plugins | 1 Gb Gallery Slideshow | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GB Gallery Slideshow: from n/a through 1.3. | ||||
| CVE-2025-31822 | 2 Ashish Ajani, Wordpress | 2 Wp Simple Html Sitemap, Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2. | ||||
| CVE-2025-31868 | 1 Joomsky | 1 Js Job Manager | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-31877 | 2 Magnigenie, Wordpress | 2 Restropress, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. | ||||
| CVE-2024-10813 | 1 Codeastrology | 1 Woo Product Table | 2025-07-12 | 5.3 Medium |
| The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data. | ||||
| CVE-2024-10542 | 1 Cleantalk | 2 Anti-spam, Antispam | 2025-07-12 | 9.8 Critical |
| The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | ||||
| CVE-2024-12596 | 1 Lifterlms | 1 Lifterlms | 2025-07-11 | 4.3 Medium |
| The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | ||||
| CVE-2025-2290 | 1 Lifterlms | 1 Lifterlms | 2025-07-11 | 5.3 Medium |
| The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to "Trash" for every published post, therefore limiting the availability of the website's content. | ||||
| CVE-2024-12713 | 1 Brainstormforce | 1 Sureforms | 2025-07-11 | 5.3 Medium |
| The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2024-1044 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-07-11 | 5.3 Medium |
| The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled. | ||||
| CVE-2024-5784 | 1 Themeum | 1 Tutor Lms | 2025-07-11 | 7.1 High |
| The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with the subscriber-level access and above, to preform an administrative actions on the site, like comments, posts or users deletion, viewing notifications, etc. | ||||
| CVE-2024-10717 | 1 Wpmonks | 1 Styler For Ninja Forms | 2025-07-11 | 6.5 Medium |
| The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. Note: This issue can also be used to add arbitrary options with an empty value. | ||||
| CVE-2024-53298 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | 9.8 Critical |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2024-8771 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2025-07-10 | 4.3 Medium |
| The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages. | ||||
| CVE-2018-9382 | 1 Google | 1 Android | 2025-07-10 | 7.8 High |
| In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-3599 | 1 Wpeka | 1 Wp Cookie Consent | 2025-07-10 | 5.3 Medium |
| The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts. | ||||
| CVE-2024-6883 | 1 Eventespresso | 1 Event Espresso | 2025-07-10 | 4.3 Medium |
| The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings. | ||||
| CVE-2025-48916 | 1 Joshfabean | 1 Bookable Calendar | 2025-07-10 | 6.5 Medium |
| Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13. | ||||
| CVE-2025-5282 | 1 Wptravelengine | 1 Wp Travel Engine | 2025-07-10 | 7.5 High |
| The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts. | ||||