Export limit exceeded: 345259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10500 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24748 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10. | ||||
| CVE-2024-24711 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
| CVE-2025-24747 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through <= 3.4.0. | ||||
| CVE-2025-24734 | 2 Codesolz, Wordpress | 2 Better Find And Replace, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Privilege Escalation.This issue affects Better Find and Replace: from n/a through <= 1.6.7. | ||||
| CVE-2025-24725 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.2.8. | ||||
| CVE-2025-24705 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Arshid WooCommerce Quick View woo-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Quick View: from n/a through <= 1.1.1. | ||||
| CVE-2025-24697 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery awesome-responsive-photo-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Gallery – Responsive Photo Gallery: from n/a through <= 1.0.5. | ||||
| CVE-2025-24693 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Yehi Advanced Notifications advanced-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Notifications: from n/a through <= 1.2.7. | ||||
| CVE-2025-24692 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Menu Edit: from n/a through <= 1.3. | ||||
| CVE-2025-24691 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in ctltwp People Lists people-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects People Lists: from n/a through <= 1.3.10. | ||||
| CVE-2024-4319 | 2026-04-15 | 5.3 Medium | ||
| The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms. | ||||
| CVE-2024-4355 | 2026-04-15 | 4.3 Medium | ||
| The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.23. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose visitor data. | ||||
| CVE-2025-54711 | 2 Bplugins, Wordpress | 2 Info Cards, Wordpress | 2026-04-15 | 7.1 High |
| Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Info Cards: from n/a through <= 1.0.11. | ||||
| CVE-2025-54714 | 2 Dylanjames, Wordpress | 2 Zephyr Project Manager, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Dylan James Zephyr Project Manager zephyr-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zephyr Project Manager: from n/a through <= 3.3.201. | ||||
| CVE-2024-28394 | 1 Advancedplugins | 1 Reportsstatistics | 2026-04-15 | 9.8 Critical |
| An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. | ||||
| CVE-2024-28627 | 1 Flipsnack | 1 Flipsnack | 2026-04-15 | 7.5 High |
| An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. | ||||
| CVE-2024-5600 | 1 Happymonkeyagency | 1 Scss Happy Compiler | 2026-04-15 | 5.4 Medium |
| The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts. | ||||
| CVE-2025-5803 | 2 Vikwp, Wordpress | 2 Vikbooking Hotel Booking Engine & Pms, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2. | ||||
| CVE-2024-5855 | 2 Media Hygiene, Wordpress | 2 Media Hygiene, Wordpress | 2026-04-15 | 4.3 Medium |
| The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added. | ||||
| CVE-2025-10040 | 2026-04-15 | 7.7 High | ||
| The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a configured set of SFTP/FTP credentials. | ||||