Total
6978 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2732 | 1 Open-emr | 1 Openemr | 2026-02-25 | N/A | 8.3 HIGH |
| Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
| CVE-2026-22765 | 1 Dell | 1 Wyse Management Suite | 2026-02-25 | N/A | 8.8 HIGH |
| Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2026-1916 | 2026-02-25 | N/A | 7.5 HIGH | ||
| The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the `wpgsi_callBackFuncAccept` and `wpgsi_callBackFuncUpdate` REST API functions in all versions up to, and including, 3.8.3. Both REST endpoints use `permission_callback => '__return_true'`, allowing unauthenticated access. The plugin's custom token-based validation relies on a Base64-encoded JSON object containing the user ID and email address, but is not cryptographically signed. This makes it possible for unauthenticated attackers to forge tokens using publicly enumerable information (admin user ID and email) to create, modify, and delete arbitrary WordPress posts and pages, granted they know the administrator's email address and an active integration ID with remote updates enabled. | |||||
| CVE-2026-2301 | 2026-02-25 | N/A | 4.3 MEDIUM | ||
| The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the `duplicate_post()` function in `includes/api.php` using `$wpdb->insert()` directly to the `wp_postmeta` table instead of WordPress's standard `add_post_meta()` function, which would call `is_protected_meta()` to prevent lower-privileged users from setting protected meta keys (those starting with `_`). This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary protected post meta keys such as `_wp_page_template`, `_wp_attached_file`, and other sensitive meta keys on duplicated posts via the `customMetaData` JSON array parameter in the `/wp-json/post-duplicator/v1/duplicate-post` REST API endpoint. | |||||
| CVE-2026-25404 | 2026-02-24 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0. | |||||
| CVE-2025-69297 | 2026-02-24 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19. | |||||
| CVE-2025-69063 | 2026-02-24 | N/A | 8.6 HIGH | ||
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0. | |||||
| CVE-2025-68542 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Gateway for IRIS: from n/a through <= 1.3. | |||||
| CVE-2025-68534 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0. | |||||
| CVE-2025-68069 | 2026-02-24 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10. | |||||
| CVE-2025-68050 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3. | |||||
| CVE-2025-68043 | 2026-02-24 | N/A | 7.3 HIGH | ||
| Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0. | |||||
| CVE-2025-68026 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1. | |||||
| CVE-2025-68024 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15. | |||||
| CVE-2025-68022 | 2026-02-24 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6. | |||||
| CVE-2025-68005 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.8.7. | |||||
| CVE-2025-68000 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | |||||
| CVE-2025-67993 | 2026-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1. | |||||
| CVE-2025-67977 | 2026-02-24 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8. | |||||
| CVE-2025-67974 | 2026-02-24 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. | |||||