Export limit exceeded: 10504 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10504 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14971 | 3 Linknacional, Woocommerce, Wordpress | 3 Link Invoice Payment For Woocommerce, Woocommerce, Wordpress | 2026-04-15 | 5.3 Medium |
| The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create partial payments on any order or cancel any existing partial payment via ID enumeration. | ||||
| CVE-2025-14978 | 2 Peachpay, Wordpress | 2 Peachpay - Payments & Express Checkout For Woocommerce (supports Stripe, Paypal, Square, Authorizenet), Wordpress | 2026-04-15 | 5.3 Medium |
| The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including, 1.119.8. This makes it possible for unauthenticated attackers to modify the status of arbitrary WooCommerce orders. | ||||
| CVE-2025-15043 | 2 Stellarwp, Wordpress | 2 The Events Calendar, Wordpress | 2026-04-15 | 5.4 Medium |
| The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with subscriber level access and above, to start, cancel, or revert the Custom Tables V1 database migration, including dropping the custom database tables entirely via the revert action. | ||||
| CVE-2025-2262 | 2026-04-15 | 7.3 High | ||
| The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-2779 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration. | ||||
| CVE-2025-22677 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in UIUX Lab Uix Shortcodes uix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uix Shortcodes: from n/a through <= 2.0.3. | ||||
| CVE-2025-22681 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Xfinitysoft Content Cloner super-seo-content-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Cloner: from n/a through <= 1.0.1. | ||||
| CVE-2025-22686 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in WesternDeal CF7 Google Sheets Connector cf7-google-sheets-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF7 Google Sheets Connector: from n/a through <= 5.0.17. | ||||
| CVE-2025-22694 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Dotstore Hide Shipping Method For WooCommerce hide-shipping-method-for-woocommerce.This issue affects Hide Shipping Method For WooCommerce: from n/a through <= 1.5.1. | ||||
| CVE-2025-22696 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in WPDeveloper Document Block – Upload & Embed Docs document.This issue affects Document Block – Upload & Embed Docs: from n/a through <= 1.1.0. | ||||
| CVE-2025-22698 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.18. | ||||
| CVE-2025-22702 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in ThemeGoods Photography photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photography: from n/a through <= 7.7.2. | ||||
| CVE-2025-39362 | 2 Mollie, Wordpress | 2 Mollie Payments For Woocommerce, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.0.2. | ||||
| CVE-2024-1371 | 1 Wordpress | 2 Leadconnector, Wordpress | 2026-04-15 | 6.5 Medium |
| The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts. CVE-2024-34378 is likely a duplicate of this issue. | ||||
| CVE-2025-22779 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through <= 1.0. | ||||
| CVE-2025-39388 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0. | ||||
| CVE-2024-1995 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above, to retrieve post content that is password protected and/or private. | ||||
| CVE-2024-2036 | 2026-04-15 | 4.3 Medium | ||
| The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscriber access or higher, to view Application submissions. | ||||
| CVE-2025-28965 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a through <= 3.0.7. | ||||
| CVE-2024-2222 | 2026-04-15 | 4.3 Medium | ||
| The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads. | ||||