Total
5309 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20529 | 1 Google | 1 Android | 2025-04-18 | 2.4 Low |
| In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603 | ||||
| CVE-2022-20522 | 1 Google | 1 Android | 2025-04-18 | 7.8 High |
| In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227470877 | ||||
| CVE-2022-20519 | 1 Google | 1 Android | 2025-04-18 | 3.3 Low |
| In onCreate of AddAppNetworksActivity.java, there is a possible way for a guest user to configure WiFi networks due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224772678 | ||||
| CVE-2024-1733 | 1 Charlestsmith | 1 Word Replacer Pro | 2025-04-18 | 5.3 Medium |
| The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site. | ||||
| CVE-2022-20572 | 2 Google, Redhat | 2 Android, Enterprise Linux | 2025-04-18 | 6.7 Medium |
| In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel | ||||
| CVE-2025-23906 | 2025-04-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2. | ||||
| CVE-2025-31338 | 2025-04-17 | N/A | ||
| A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality. | ||||
| CVE-2025-23773 | 2025-04-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: from n/a through 1.1.1. | ||||
| CVE-2025-27310 | 2025-04-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in Radius of Thought Page and Post Lister allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page and Post Lister: from n/a through 1.2.1. | ||||
| CVE-2025-26968 | 2025-04-17 | 7.5 High | ||
| Missing Authorization vulnerability in webbernaut Cloak Front End Email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cloak Front End Email: from n/a through 1.9.5. | ||||
| CVE-2025-24581 | 2025-04-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in Themefic Instantio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instantio: from n/a through 3.3.7. | ||||
| CVE-2025-39554 | 2025-04-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3. | ||||
| CVE-2025-39532 | 2025-04-17 | 7.5 High | ||
| Missing Authorization vulnerability in spicethemes Spice Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spice Blocks: from n/a through 2.0.7.1. | ||||
| CVE-2025-39583 | 2025-04-17 | 7.1 High | ||
| Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.10.2. | ||||
| CVE-2025-39457 | 2025-04-17 | 5.3 Medium | ||
| Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8. | ||||
| CVE-2025-39533 | 2025-04-17 | 8.8 High | ||
| Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through 3.1.14. | ||||
| CVE-2025-39559 | 2025-04-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4. | ||||
| CVE-2025-32593 | 2025-04-17 | 8.2 High | ||
| Missing Authorization vulnerability in Bytes Technolab Add Product Frontend for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Add Product Frontend for WooCommerce: from n/a through 1.0.6. | ||||
| CVE-2023-47458 | 1 Bladex | 1 Springblade | 2025-04-17 | 9.8 Critical |
| An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. | ||||
| CVE-2024-0201 | 1 Webcodingplace | 1 Product Expiry For Woocommerce | 2025-04-17 | 5.4 Medium |
| The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. | ||||