Export limit exceeded: 14069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10458 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10458 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-63049 2 Cridio, Wordpress 2 Listingpro Lead Form, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.
CVE-2025-63054 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.2.
CVE-2025-7821 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update the site's favicon logo base.
CVE-2025-7822 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The WP Wallcreeper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_notices hook in all versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable caching.
CVE-2025-7827 3 Anzia, Woocommerce, Wordpress 3 Ni Woocommerce Customer Product Report, Woocommerce, Wordpress 2026-04-15 4.3 Medium
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.
CVE-2025-7828 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the post_listing_page() function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete feeds.
CVE-2023-50375 1 Translate Ai Multilingual Solutions 1 Google Language Translator 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Translate AI Multilingual Solutions Google Language Translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Language Translator: from n/a through 6.0.19.
CVE-2022-40975 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7.
CVE-2022-41650 2 Paul, Wordpress 2 Custom Content By Country (by Shield Security), Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.
CVE-2022-41698 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.
CVE-2022-43476 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4.
CVE-2022-44578 2 Pierre-jehan, Wordpress 2 Owl Carousel, Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3.
CVE-2022-45070 2026-04-15 5.3 Medium
Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3.
CVE-2025-8268 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in all versions up to, and including, 2.9.5. This makes it possible for unauthenticated attackers to list and delete files uploaded by other users.
CVE-2022-45811 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
CVE-2022-45841 2 Robosoft, Wordpress 2 Robo Gallery, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9.
CVE-2022-45851 2026-04-15 5.4 Medium
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.
CVE-2022-46807 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2.
CVE-2023-51355 1 Multivendorx 1 Wc Marketplace 2026-04-15 8.2 High
Missing Authorization vulnerability in MultiVendorX WC Marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Marketplace: from n/a through 4.0.23.
CVE-2023-51362 1 Premio 1 All In One Floating Contact Form My Sticky Elements 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Premio All-in-one Floating Contact Form – My Sticky Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All-in-one Floating Contact Form – My Sticky Elements: from n/a through 2.1.3.