Total
5319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1851 | 1 Servit | 1 Affiliate-toolkit | 2025-04-16 | 6.3 Medium |
| The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists. | ||||
| CVE-2024-27900 | 1 Sap | 1 Abap Platform | 2025-04-16 | 4.3 Medium |
| Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. | ||||
| CVE-2025-27008 | 2025-04-16 | 7.5 High | ||
| Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a. | ||||
| CVE-2025-30960 | 2025-04-16 | 8.3 High | ||
| Missing Authorization vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8. | ||||
| CVE-2025-39591 | 2025-04-16 | 5.4 Medium | ||
| Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3. | ||||
| CVE-2025-39602 | 2025-04-16 | 4.3 Medium | ||
| Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.9.5. | ||||
| CVE-2025-39513 | 2025-04-16 | 5.3 Medium | ||
| Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through 0.2.46. | ||||
| CVE-2025-39552 | 2025-04-16 | 5.4 Medium | ||
| Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.200. | ||||
| CVE-2025-39522 | 2025-04-16 | 5.4 Medium | ||
| Missing Authorization vulnerability in Sebastian Lee Dynamic Post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Post: from n/a through 4.10. | ||||
| CVE-2024-30477 | 1 Klarna | 1 Klarna For Woocommerce | 2025-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | ||||
| CVE-2024-53825 | 1 Ninjateam | 1 Filebird | 2025-04-15 | 4.7 Medium |
| Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. | ||||
| CVE-2023-25966 | 1 Ninjateam | 1 Filebird | 2025-04-15 | 5.5 Medium |
| Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4. | ||||
| CVE-2022-32768 | 1 Wwbn | 1 Avideo | 2025-04-15 | 4.2 Medium |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams. | ||||
| CVE-2022-32769 | 1 Wwbn | 1 Avideo | 2025-04-15 | 5.0 Medium |
| Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists. | ||||
| CVE-2025-26944 | 2025-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in NotFound JetPopup allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetPopup: from n/a through 2.0.11. | ||||
| CVE-2025-32929 | 2025-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4. | ||||
| CVE-2025-3561 | 2025-04-15 | 4.3 Medium | ||
| A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-26959 | 2025-04-15 | 8.8 High | ||
| Missing Authorization vulnerability in Quý Lê 91 Administrator Z allows Privilege Escalation. This issue affects Administrator Z: from n/a through 2025.03.24. | ||||
| CVE-2025-26955 | 2025-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in VW Themes Industrial Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Industrial Lite: from n/a through 1.0.8. | ||||
| CVE-2025-26741 | 2025-04-15 | 8.8 High | ||
| Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.1.6. | ||||