Export limit exceeded: 10508 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10508 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1350 | 2026-04-15 | 5.3 Medium | ||
| Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | ||||
| CVE-2025-63006 | 2 Metagauss, Wordpress | 2 Eventprime, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1. | ||||
| CVE-2025-62980 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: from n/a through <= 4.1.03. | ||||
| CVE-2025-62929 | 2 Pluginops, Wordpress | 2 Testimonial Slider, Wordpress | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||||
| CVE-2025-68032 | 2 Passionate Brains, Wordpress | 2 Advanced Wc Analytics, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0. | ||||
| CVE-2025-62906 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Referral Link Tracker: from n/a through <= 1.1.4. | ||||
| CVE-2024-13424 | 2026-04-15 | 4.3 Medium | ||
| The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and modify commission amounts. | ||||
| CVE-2025-62881 | 2 Wordpress, Wplab | 2 Wordpress, Wp-lister Lite For Ebay | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.3. | ||||
| CVE-2024-4139 | 2026-04-15 | 4.3 Medium | ||
| Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected. | ||||
| CVE-2025-62869 | 2 Gravitec.net, Wordpress | 2 Web Push Notifications, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Gravitec.net - Web Push Notifications Gravitec.net – Web Push Notifications gravitec-net-web-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gravitec.net – Web Push Notifications: from n/a through <= 2.9.17. | ||||
| CVE-2024-42013 | 2026-04-15 | 6.4 Medium | ||
| In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program. | ||||
| CVE-2025-62754 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.1 Critical |
| Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through <= 3.1.0. | ||||
| CVE-2025-62740 | 2 Mario Peshev, Wordpress | 2 Wp-crm-system, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.6. | ||||
| CVE-2025-62131 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5. | ||||
| CVE-2025-62090 | 2 Jegstudio, Wordpress | 3 Gutenverse, Gutenverse News, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons: from n/a through <= 3.0.2. | ||||
| CVE-2024-42934 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-04-15 | 5 Medium |
| OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. | ||||
| CVE-2025-62021 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Made Neat Acknowledgify acknowledgify.This issue affects Acknowledgify: from n/a through <= 1.1.3. | ||||
| CVE-2025-62028 | 2 Themenectar, Wordpress | 2 Salient Core, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeNectar Salient salient.This issue affects Salient: from n/a through < 17.4.0. | ||||
| CVE-2024-44082 | 1 Redhat | 3 Openshift, Openshift Ironic, Openstack | 2026-04-15 | 4.3 Medium |
| In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. | ||||
| CVE-2025-50028 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Push Notifications: from n/a through <= 1.2.0. | ||||