Total
5225 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49683 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| Missing Authorization vulnerability in Schema & Structured Data for WP & AMP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.3.5. | ||||
| CVE-2024-51817 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through 1.0. | ||||
| CVE-2024-13423 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.3 Medium |
| The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to activate/deactivate arbitrary plugins. | ||||
| CVE-2024-54381 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1. | ||||
| CVE-2025-30864 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through 1.2.2. | ||||
| CVE-2024-43285 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.3 Medium |
| Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2. | ||||
| CVE-2025-46488 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.1 High |
| Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS. This issue affects Visual Builder: from n/a through 1.2.2. | ||||
| CVE-2025-31063 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0. | ||||
| CVE-2023-41689 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14. | ||||
| CVE-2024-9891 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site. | ||||
| CVE-2023-45002 | 2 Wedevs, Wordpress | 2 Wp User Frontend, Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8. | ||||
| CVE-2024-10588 | 2 Eugenbobrowski, Wordpress | 2 Debug Tool, Wordpress | 2025-07-12 | 4.3 Medium |
| The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. | ||||
| CVE-2024-13412 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions. | ||||
| CVE-2024-43208 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Miller Media ( Matt Miller ) Send Emails with Mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through 1.4.1. | ||||
| CVE-2023-23985 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 3.7 Low |
| Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. | ||||
| CVE-2024-12711 | 2 Wordpress, Wpchill | 2 Wordpress, Rsvp And Event Management | 2025-07-12 | 5.3 Medium |
| The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders. | ||||
| CVE-2023-47693 | 2 Themefic, Wordpress | 2 Ultimate Addons For Contact Form 7, Wordpress | 2025-07-12 | 7.5 High |
| Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.6. | ||||
| CVE-2023-47523 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Ecreate Infotech Auto Tag Creator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Tag Creator: from n/a through 1.0.2. | ||||
| CVE-2024-33925 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 4.3 Medium |
| Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0. | ||||
| CVE-2024-37929 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 6.3 Medium |
| Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4. | ||||