Total
7469 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25395 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4. | |||||
| CVE-2026-25394 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6. | |||||
| CVE-2026-25393 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0.6. | |||||
| CVE-2026-25391 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07. | |||||
| CVE-2026-25386 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2. | |||||
| CVE-2026-25384 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5. | |||||
| CVE-2026-25375 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10. | |||||
| CVE-2026-25372 | 2026-02-19 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3. | |||||
| CVE-2026-25368 | 2026-02-19 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1. | |||||
| CVE-2026-25242 | 1 Gogs | 1 Gogs | 2026-02-19 | N/A | 9.8 CRITICAL |
| Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the server via /releases/attachments and /issues/attachments. This enables the instance to be abused as a public file host, potentially leading to disk exhaustion, content hosting, or delivery of malware. CSRF tokens do not mitigate this attack due to same-origin cookie issuance. This issue has been fixed in version 0.14.1. | |||||
| CVE-2026-27042 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1. | |||||
| CVE-2026-25459 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12. | |||||
| CVE-2026-25415 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18. | |||||
| CVE-2026-25473 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31. | |||||
| CVE-2026-25441 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21. | |||||
| CVE-2025-64520 | 1 Glpi-project | 1 Glpi | 2026-02-19 | N/A | 6.5 MEDIUM |
| GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch. | |||||
| CVE-2025-12081 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
| The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level access and above, to modify the title, caption, and custom metadata of arbitrary media attachments. | |||||
| CVE-2019-25351 | 2026-02-19 | N/A | 8.8 HIGH | ||
| Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests. | |||||
| CVE-2025-12845 | 2026-02-19 | N/A | 8.8 HIGH | ||
| The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve plugin table data that can expose email log information. Attackers can leverage this on sites where the table log is enabled in order to trigger a password reset and obtain the reset key. | |||||
| CVE-2025-14270 | 2026-02-19 | N/A | 2.7 LOW | ||
| The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa_order_number_save_number_field function. This makes it possible for authenticated attackers, with Editor-level access and above, to modify WhatsApp phone numbers used by the plugin, redirecting customer orders and messages to attacker-controlled phone numbers. | |||||