Total
766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25414 | | | 2026-04-24 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation. This issue affects WPBookit Pro: from n/a through <= 1.6.18. | |||||
| CVE-2026-32519 | | | 2026-04-24 | N/A | 9.0 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation. This issue affects Bit SMTP: from n/a through <= 1.2.2. | |||||
| CVE-2026-32530 | | | 2026-04-24 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation. This issue affects Creator LMS: from n/a through <= 1.1.18. | |||||
| CVE-2026-27051 | | | 2026-04-24 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation. This issue affects Golo: from n/a through <= 1.7.0. | |||||
| CVE-2026-32488 | | | 2026-04-24 | N/A | 8.1 HIGH |
| Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation. This issue affects User Registration: from n/a through <= 4.4.9. | |||||
| CVE-2026-4548 | | | 2026-04-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be launched remotely. | |||||
| CVE-2026-25334 | | | 2026-04-24 | N/A | 8.1 HIGH |
| Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation. This issue affects Salon Booking System Pro: from n/a through < 10.30.12. | |||||
| CVE-2026-24373 | | | 2026-04-24 | N/A | 8.1 HIGH |
| Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation. This issue affects RegistrationMagic: from n/a through <= 6.0.7.1. | |||||
| CVE-2026-24971 | | | 2026-04-24 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation. This issue affects Search & Go: from n/a through <= 2.8. | |||||
| CVE-2026-24968 | | | 2026-04-24 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation. This issue affects Xagio SEO: from n/a through <= 7.1.0.30. | |||||
| CVE-2025-12103 | | | 2026-04-23 | N/A | 5.0 MEDIUM |
| A flaw was found in Red Hat OpenShift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated`, making it so that every single user or service account can get a list of pods running in any namespace on the cluster. Additionally, users can access all `persistentvolumeclaims` and `lmevaljobs`. | |||||
| CVE-2026-40869 | 1 Decidim | 1 Decidim | 2026-04-23 | N/A | 7.5 HIGH |
| Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as people amending proposals are provided coauthorship on the coauthorable resources. Versions 0.30.5 and 0.31.1 fix the issue. As a workaround, disable amendment reactions for the amendable component (e.g. proposals). | |||||
| CVE-2026-23550 | | | 2026-04-23 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation. This issue affects Modular DS: from n/a through <= 2.5.1. | |||||
| CVE-2025-58841 | | | 2026-04-23 | N/A | 5.5 MEDIUM |
| Incorrect Privilege Assignment vulnerability in John Luetke Media Author media-author allows Privilege Escalation. This issue affects Media Author: from n/a through <= 1.0.4. | |||||
| CVE-2025-54735 | | | 2026-04-23 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation. This issue affects CubeWP: from n/a through <= 1.1.24. | |||||
| CVE-2025-54697 | | | 2026-04-23 | N/A | 7.2 HIGH |
| Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. | |||||
| CVE-2025-54049 | | | 2026-04-23 | N/A | 9.9 CRITICAL |
| Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation. This issue affects Custom API for WP: from n/a through <= 4.2.2. | |||||
| CVE-2025-53580 | | | 2026-04-23 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. | |||||
| CVE-2025-52836 | | | 2026-04-23 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. | |||||
| CVE-2025-52726 | | | 2026-04-23 | N/A | 8.6 HIGH |
| Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation. This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0. | |||||
