Total: 5353 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-39412 | 1 Averta | 1 Master Slider | 2025-05-27 | 4.3 Medium |
Missing Authorization vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.10.8. | ||||
CVE-2021-41803 | 1 Hashicorp | 1 Consul | 2025-05-27 | 7.1 High |
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2. | ||||
CVE-2025-48271 | | | 2025-05-27 | 6.5 Medium |
Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1. | ||||
CVE-2025-47690 | | | 2025-05-27 | 8.8 High |
Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1. | ||||
CVE-2025-30448 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-27 | 9.1 Critical |
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication. | ||||
CVE-2024-13703 | 1 Vcita | 1 Crm And Lead Management By Vcita | 2025-05-26 | 4.3 Medium |
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets. | ||||
CVE-2025-2104 | 1 Pagelayer | 1 Pagelayer | 2025-05-26 | 4.3 Medium |
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site. | ||||
CVE-2024-13358 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | 4.3 Medium |
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | ||||
CVE-2025-1780 | 1 Themekraft | 1 Buddypress Woocommerce My Account Integration | 2025-05-26 | 4.3 Medium |
The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting. | ||||
CVE-2024-50500 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-26 | 4.3 Medium |
Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2. | ||||
CVE-2025-24607 | 1 Northernbeacheswebsites | 1 Ideapush | 2025-05-23 | 5.8 Medium |
Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71. | ||||
CVE-2025-22289 | 1 Eniture | 1 Ltl Freight Quotes | 2025-05-23 | 6.5 Medium |
Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8. | ||||
CVE-2022-34344 | 1 Rymera | 1 Wholesale Suite | 2025-05-23 | 5.4 Medium |
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More. This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | ||||
CVE-2022-36418 | 1 Dcgws | 1 Hreflang Tags Lite | 2025-05-23 | 6.5 Medium |
Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. This issue affects HREFLANG Tags Lite: from n/a through 2.0.0. | ||||
CVE-2023-34379 | 1 Magneticone | 1 Magento To Woocommerce Migration | 2025-05-23 | 5.4 Medium |
Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration. This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | ||||
CVE-2023-23882 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-23 | 4.3 Medium |
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | ||||
CVE-2022-42884 | 1 Themeinprogress | 1 Wip Custom Login | 2025-05-23 | 5.4 Medium |
Missing Authorization vulnerability in ThemeinProgress WIP Custom Login. This issue affects WIP Custom Login: from n/a through 1.2.7. | ||||
CVE-2025-47619 | | | 2025-05-23 | 6.5 Medium |
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4. | ||||
CVE-2025-47529 | | | 2025-05-23 | 6.5 Medium |
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1. | ||||
CVE-2025-47688 | 1 Advancedfilemanager | 1 Advanced File Manager | 2025-05-23 | 5.3 Medium |
Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1. |