Total
5226 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53284 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1. | ||||
| CVE-2025-50039 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in vgwort VG WORT METIS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VG WORT METIS: from n/a through 2.0.0. | ||||
| CVE-2025-47565 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.3 Medium |
| Missing Authorization vulnerability in ashanjay EventON allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventON: from n/a through 4.9.9. | ||||
| CVE-2025-47634 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through 1.8.9. | ||||
| CVE-2025-29007 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in LMSACE LMSACE Connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LMSACE Connect: from n/a through 3.4. | ||||
| CVE-2025-30929 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in amazewp fluXtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through 1.6.0. | ||||
| CVE-2025-42986 | 1 Sap | 2 Abap Platform, Netweaver | 2025-07-13 | 4.3 Medium |
| Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application. | ||||
| CVE-2025-42953 | 1 Sap | 1 Netweaver | 2025-07-13 | 8.1 High |
| SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system. | ||||
| CVE-2024-24799 | 2 Woocommerce, Wordpress | 2 Woocommerce Box Office, Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2. | ||||
| CVE-2025-26920 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in PressMaximum Customify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through 0.4.8. | ||||
| CVE-2024-10783 | 2 Mainwp, Wordpress | 2 Mainwp Child, Wordpress | 2025-07-13 | 8.1 High |
| The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch. | ||||
| CVE-2024-51660 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Zakaria Binsaifullah Easy Accordion Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Accordion Gutenberg Block: from n/a through 1.2.3. | ||||
| CVE-2025-29013 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9. | ||||
| CVE-2025-30605 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in ldwin79 sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects sourceplay-navermap: from n/a through 0.0.2. | ||||
| CVE-2024-49698 | 2 Pricelisto, Wordpress | 2 Best Restaurant Menu By Pricelisto, Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.2. | ||||
| CVE-2024-56219 | 2 Marketingfire, Wordpress | 2 Widget-options, Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through 4.0.6.1. | ||||
| CVE-2025-22779 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through 1.0. | ||||
| CVE-2024-50423 | 2 Templately, Wordpress | 2 Templately, Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. | ||||
| CVE-2024-11840 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.1 High |
| The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks. | ||||
| CVE-2024-11851 | 2 Nitropack, Wordpress | 2 Nitropack, Wordpress | 2025-07-13 | 4.3 Medium |
| The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values. | ||||