Total
1688 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49765 | 1 Blazzdev | 1 Rate My Post | 2026-04-28 | N/A | 4.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.1. | |||||
| CVE-2023-47191 | 1 Kainelabs | 1 Youzify | 2026-04-28 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a through 1.2.2. | |||||
| CVE-2023-46311 | 1 Gvectors | 1 Wpdiscuz | 2026-04-28 | N/A | 2.7 LOW |
| Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | |||||
| CVE-2023-41796 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-28 | N/A | 5.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | |||||
| CVE-2023-38513 | 1 Meowapps | 1 Photo Engine | 2026-04-28 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. | |||||
| CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2026-04-28 | N/A | 8.2 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6. | |||||
| CVE-2023-36520 | 1 Zackgrossbart | 1 Editorial Calendar | 2026-04-28 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. This issue affects Editorial Calendar: from n/a through 3.7.12. | |||||
| CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2026-04-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
| CVE-2023-35914 | 1 Automattic | 1 Woocommerce Subscriptions | 2026-04-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. | |||||
| CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2026-04-28 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1. | |||||
| CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2026-04-28 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | |||||
| CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2026-04-28 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. | |||||
| CVE-2023-23679 | 1 Jshelpdesk | 1 Jshelpdesk | 2026-04-28 | N/A | 4.6 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7. | |||||
| CVE-2022-43450 | 1 Xwp | 1 Stream | 2026-04-28 | N/A | 4.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. | |||||
| CVE-2026-41372 | 1 Openclaw | 1 Openclaw | 2026-04-28 | N/A | 5.8 MEDIUM |
| OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning `localhost.` to retarget authenticated browser control toward localhost endpoints and expose browser state. | |||||
| CVE-2026-24631 | | | 2026-04-28 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rosebud: from n/a through <= 1.4. | |||||
| CVE-2026-24379 | | | 2026-04-28 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through <= 2.4.3. | |||||
| CVE-2026-28736 | 1 Mattermost | 1 Focalboard | 2026-04-28 | N/A | 4.3 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued. | |||||
| CVE-2025-69347 | | | 2026-04-27 | N/A | 8.6 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPSubscription: from n/a through <= 1.8.10. | |||||
| CVE-2025-69032 | 1 Qodeinteractive | 1 Fivestar | 2026-04-27 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FiveStar: from n/a through <= 1.7. | |||||
