Total
5219 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6813 | 2025-07-22 | 8.8 High | ||
| The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges. | ||||
| CVE-2025-5811 | 2025-07-22 | 5.3 Medium | ||
| The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values on the WordPress site. | ||||
| CVE-2025-5816 | 2025-07-22 | 4.3 Medium | ||
| The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the get_order_detail() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's orders. | ||||
| CVE-2025-6720 | 1 Wordpress | 1 Wordpress | 2025-07-22 | 5.3 Medium |
| The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files. | ||||
| CVE-2025-6721 | 1 Wordpress | 1 Wordpress | 2025-07-22 | 5.3 Medium |
| The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrary orders. | ||||
| CVE-2024-43154 | 2 Bracketspace, Wordpress | 2 Advanced Cron Manager, Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9. | ||||
| CVE-2025-54047 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in QuanticaLabs Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost Calculator: from n/a through 7.4. | ||||
| CVE-2025-53986 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeIsle Hestia allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hestia: from n/a through 3.2.10. | ||||
| CVE-2025-48150 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through 4.48. | ||||
| CVE-2025-48167 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.4 Medium |
| Missing Authorization vulnerability in alexvtn Chatbox Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through 1.2.5. | ||||
| CVE-2025-48155 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9. | ||||
| CVE-2025-54037 | 2 Blazethemes, Wordpress | 2 News Kit Elementor Addons, Wordpress | 2025-07-21 | 5.4 Medium |
| Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4. | ||||
| CVE-2025-53997 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4. | ||||
| CVE-2025-54018 | 2 Creativemindssolutions, Wordpress | 2 Cm Pop-up Banners, Wordpress | 2025-07-21 | 4.3 Medium |
| Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through 1.8.4. | ||||
| CVE-2025-48166 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 5.3 Medium |
| Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48. | ||||
| CVE-2025-49884 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through 1.1.8. | ||||
| CVE-2025-29000 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Multi-language Responsive Contact Form: from n/a through 2.8. | ||||
| CVE-2025-49319 | 2 Wordpress, Wpfactory | 2 Wordpress, Wishlist For Woocommerce | 2025-07-21 | 6.5 Medium |
| Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3. | ||||
| CVE-2025-52804 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Nuss allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nuss: from n/a through 1.3.3. | ||||
| CVE-2025-52803 | 1 Wordpress | 1 Wordpress | 2025-07-21 | 7.5 High |
| Missing Authorization vulnerability in uxper Sala allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Sala: from n/a through 1.1.3. | ||||