Export limit exceeded: 10541 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10541 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46485 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Customize Login Page: from n/a through <= 1.6.5. | ||||
| CVE-2025-46488 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in dastan800 Visual Builder visual-builder allows Reflected XSS.This issue affects Visual Builder: from n/a through <= 1.2.2. | ||||
| CVE-2025-46489 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through <= 2.1. | ||||
| CVE-2025-27294 | 2 Platcom, Wordpress | 2 Wp-asambleas, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in platcom WP-Asambleas wp-asambleas allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Asambleas: from n/a through <= 2.85.0. | ||||
| CVE-2025-27296 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue revenueflex-easy-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue: from n/a through <= 1.5. | ||||
| CVE-2025-27822 | 2026-04-15 | 7.5 High | ||
| An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the "Masquerade as user" permission. | ||||
| CVE-2025-46569 | 2026-04-15 | 8.1 High | ||
| Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used for policy evaluation. A HTTP request path can be crafted in a way that injects Rego code into the constructed query. The evaluation result cannot be made to return any other data than what is generated by the requested path, but this path can be misdirected, and the injected Rego code can be crafted to make the query succeed or fail; opening up for oracle attacks or, given the right circumstances, erroneous policy decision results. Furthermore, the injected code can be crafted to be computationally expensive, resulting in a Denial Of Service (DoS) attack. This issue has been patched in version 1.4.0. A workaround involves having network access to OPA’s RESTful APIs being limited to `localhost` and/or trusted networks, unless necessary for production reasons. | ||||
| CVE-2025-49899 | 2 Whydonate, Wordpress | 2 Wp Whydonate, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through <= 4.0.15. | ||||
| CVE-2025-30851 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.5.2. | ||||
| CVE-2025-30853 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2026-04-15 | N/A |
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.10.0. | ||||
| CVE-2025-39591 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through <= 1.2.3. | ||||
| CVE-2025-30864 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in falselight Exchange Rates exchange-rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exchange Rates: from n/a through <= 1.2.2. | ||||
| CVE-2025-30927 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Wordapp Team Wordapp wordapp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wordapp: from n/a through <= 1.7.0. | ||||
| CVE-2025-30883 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in richplugins Trust.Reviews fb-reviews-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trust.Reviews: from n/a through <= 2.3. | ||||
| CVE-2025-30909 | 2 Conversios, Wordpress | 2 Conversios.io, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.3. | ||||
| CVE-2025-30926 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons.This issue affects King Addons for Elementor: from n/a through <= 24.12.58. | ||||
| CVE-2025-30945 | 1 Taskbuilder | 1 Taskbuilder | 2026-04-15 | N/A |
| Missing Authorization vulnerability in taskbuilder Taskbuilder taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Taskbuilder: from n/a through <= 4.0.7. | ||||
| CVE-2025-30958 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites onoffice-for-wp-websites allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onOffice for WP-Websites: from n/a through <= 6.5.1. | ||||
| CVE-2025-30959 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.2. | ||||
| CVE-2025-30960 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through <= 6.5.8. | ||||