Total
5227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22592 | 2 Lenderd, Wordpress | 2 1003 Mortgage Application, Wordpress | 2025-07-13 | 7.5 High |
| Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through 1.87. | ||||
| CVE-2025-22673 | 2 Wordpress, Wpfactory | 2 Wordpress, Ean For Woocommerce | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through 5.3.5. | ||||
| CVE-2025-22740 | 2 Automattic, Wordpress | 2 Sensei Lms, Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4. | ||||
| CVE-2025-26372 | 1 Q-free | 1 Maxtime | 2025-07-13 | 7.1 High |
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests. | ||||
| CVE-2025-2719 | 2 Hasthemes, Wordpress | 2 Swatchly, Wordpress | 2025-07-13 | 6.5 Medium |
| The Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration. | ||||
| CVE-2025-30880 | 2 Joomsky, Wordpress | 2 Js Help Desk, Wordpress | 2025-07-13 | 7.5 High |
| Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2. | ||||
| CVE-2025-31415 | 2 Wordpress, Yaycommerce | 2 Wordpress, Yayextra | 2025-07-13 | 7.6 High |
| Missing Authorization vulnerability in YayCommerce YayExtra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YayExtra: from n/a through 1.5.2. | ||||
| CVE-2025-31539 | 2 Blocksera, Wordpress | 2 Cryptocurrency Widgets Pack, Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Blocksera Cryptocurrency Widgets Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets Pack: from n/a through 2.0.1. | ||||
| CVE-2025-31628 | 2 Slicedinvoices, Wordpress | 2 Sliced Invoices, Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4. | ||||
| CVE-2025-32544 | 1 Woocommerce | 1 Woocommerce | 2025-07-13 | 7.5 High |
| Missing Authorization vulnerability in The Right Software WooCommerce Loyal Customers allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WooCommerce Loyal Customers: from n/a through 2.6. | ||||
| CVE-2024-55991 | 2 Wordpress, Wp-crm | 2 Wordpress, Wp-crm System | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through 3.2.9.1. | ||||
| CVE-2024-56294 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2025-07-13 | 6.4 Medium |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through 4.0.7. | ||||
| CVE-2023-36512 | 2 Woo, Wordpress | 2 Automatewoo, Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5. | ||||
| CVE-2025-5888 | 1 Jsnjfz | 1 Webstack-guns | 2025-07-13 | 4.3 Medium |
| A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-34186 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Imran Sayed Headless CMS.This issue affects Headless CMS: from n/a through 2.0.3. | ||||
| CVE-2024-54679 | 1 Cyberpanel | 1 Cyberpanel | 2025-07-13 | 4.3 Medium |
| CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. | ||||
| CVE-2025-31830 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Uriahs Victor Printus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printus: from n/a through 1.2.6. | ||||
| CVE-2023-40608 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.2 High |
| Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3. | ||||
| CVE-2024-33919 | 1 Rometheme | 1 Romethemekit For Elementor | 2025-07-12 | 6.5 Medium |
| Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. | ||||
| CVE-2025-22665 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4. | ||||