Total
6008 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63049 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2. | |||||
| CVE-2025-63077 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.2. | |||||
| CVE-2025-63054 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.1. | |||||
| CVE-2025-67575 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1. | |||||
| CVE-2022-46845 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Essential Plugin Slider a SlidersPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider a SlidersPack: from n/a before 2.3. | |||||
| CVE-2025-67579 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8. | |||||
| CVE-2025-67574 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.30. | |||||
| CVE-2025-67580 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact + WooCommerce: from n/a through <= 2.4.1. | |||||
| CVE-2022-47425 | 2025-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10. | |||||
| CVE-2025-67577 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20. | |||||
| CVE-2023-23729 | 2025-12-09 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. | |||||
| CVE-2025-67576 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3. | |||||
| CVE-2025-67578 | 2025-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4. | |||||
| CVE-2025-48614 | 1 Google | 1 Android | 2025-12-08 | N/A | 4.6 MEDIUM |
| In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48604 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48600 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48599 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48608 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-12370 | 2025-12-08 | N/A | 4.3 MEDIUM | ||
| The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options. | |||||
| CVE-2025-12165 | 2025-12-08 | N/A | 4.3 MEDIUM | ||
| The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings. | |||||