Export limit exceeded: 11939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11939 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-32804 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.
CVE-2024-32787 2 Copy Content Protection Team, Wordpress 2 Secure Copy Content Protection And Content Locking, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.
CVE-2024-32783 2026-04-15 4.3 Medium
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0.
CVE-2024-1324 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to retrieve the contents of arbitrary posts that may not be public.
CVE-2025-68050 2 Leadpages, Wordpress 2 Leadpages, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.
CVE-2025-66165 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through <= 1.1.7.
CVE-2025-20701 1 Airoha 4 Ab156x, Ab157x, Ab158x and 1 more 2026-04-15 8.8 High
In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-3277 2 Wordpress, Yumpu 2 Wordpress, Yumpu Epaper Publishing 2026-04-15 5 Medium
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key.
CVE-2024-43256 2026-04-15 7.1 High
Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
CVE-2025-69361 2 Publishpress, Wordpress 2 Post Expirator, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.
CVE-2024-32656 1 Ant-media 1 Ant-media-server 2026-04-15 7.8 High
Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James. Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the `antmedia` service account on the system. Version 2.9.0 contains a patch for the issue. As a workaround, one may remove certain parameters from the `antmedia.service` file.
CVE-2024-0908 2 Abuhayat, Wordpress 2 Advanced Post Block, Wordpress 2026-04-15 5.3 Medium
The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected.
CVE-2024-13423 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to activate/deactivate arbitrary plugins.
CVE-2024-2417 1 Wpeverest 1 User Registration 2026-04-15 8.8 High
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the registration form and make the default registration role administrator. This subsequently allows the attacker to register an account as an administrator on the site.
CVE-2025-4095 1 Docker 1 Docker Desktop 2026-04-15 N/A
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry.
CVE-2024-43212 1 Magepeople 1 Wptravelly 2026-04-15 7.5 High
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.
CVE-2024-43215 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2.
CVE-2024-12253 2026-04-15 5.4 Medium
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).
CVE-2024-43209 1 Bitly 1 Bitly 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
CVE-2021-26387 2026-04-15 3.9 Low
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading to a loss of platform integrity.