Export limit exceeded: 11388 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32797 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11. | ||||
| CVE-2024-32802 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32. | ||||
| CVE-2024-32804 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46. | ||||
| CVE-2024-32810 | 1 Shortpixel | 1 Shortpixel Critical Css | 2026-04-15 | 7.6 High |
| Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2. | ||||
| CVE-2024-32813 | 1 Softlab | 1 Integrate Google Drive | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.9. | ||||
| CVE-2024-12204 | 2026-04-15 | 5.4 Medium | ||
| The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses. | ||||
| CVE-2024-32820 | 1 Socialshare | 1 Social Share Icons \& Social Share Buttons | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2. | ||||
| CVE-2025-12900 | 2 Ninjateam, Wordpress | 2 Filebird, Wordpress | 2026-04-15 | 4.3 Medium |
| The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author level access and above, to inject global folders and reassign arbitrary media attachments to those folders under certain circumstances. | ||||
| CVE-2024-10783 | 2 Mainwp, Wordpress | 2 Mainwp Child, Wordpress | 2026-04-15 | 8.1 High |
| The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note versions up to 5.3.3 contained a patch, though a bypass was discovered and not addressed until version 5.3.4. | ||||
| CVE-2024-10437 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Smart Messages For Woocommerce | 2026-04-15 | 4.3 Medium |
| The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages. | ||||
| CVE-2024-33585 | 1 Wordpress | 1 Payment Gateway Based Fees And Discounts For Woocommerce | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1. | ||||
| CVE-2024-33587 | 1 Ays-pro | 1 Secure Copy Content Protection And Content Locking | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0. | ||||
| CVE-2024-33594 | 1 Leaky Paywall | 1 Leaky Paywall | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Leaky Paywall.This issue affects Leaky Paywall: from n/a through 4.20.8. | ||||
| CVE-2024-42380 | 2026-04-15 | 4.3 Medium | ||
| The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application. | ||||
| CVE-2024-42372 | 1 Sap | 1 Netweaver System Landscape Directory | 2026-04-15 | 6.5 Medium |
| Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-33591 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through 4.9.10. | ||||
| CVE-2024-33597 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in ProFaceOff SSU.This issue affects SSU: from n/a through 1.5.0. | ||||
| CVE-2024-0138 | 1 Nvidia | 1 Base Command Manager | 2026-04-15 | 9.8 Critical |
| NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-11269 | 2 Woobewoo, Wordpress | 2 Product Filter, Wordpress | 2026-04-15 | 5.3 Medium |
| The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings. | ||||
| CVE-2024-33684 | 1 Pdfcrowd | 1 Save As Pdf | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0. | ||||