Total
7623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44147 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in apasionados Comment Blacklist Updater comment-blacklist-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comment Blacklist Updater: from n/a through <= 1.1.0. | |||||
| CVE-2023-44142 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through <= 3.2.2. | |||||
| CVE-2023-41695 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2026-04-29 | N/A | 3.5 LOW |
| Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.1.0. | |||||
| CVE-2023-41671 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in tychesoftwares Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through <= 5.16.1. | |||||
| CVE-2023-41130 | 2026-04-29 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through <= 1.0.12. | |||||
| CVE-2023-40678 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through <= 117. | |||||
| CVE-2023-40334 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2026-04-29 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2. | |||||
| CVE-2023-40005 | 1 Awesomemotive | 1 Easy Digital Downloads | 2026-04-29 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through <= 3.1.5. | |||||
| CVE-2023-40003 | 1 Wedevs | 1 Wp Project Manager | 2026-04-29 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7. | |||||
| CVE-2023-39920 | 2026-04-29 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through <= 2.9.2. | |||||
| CVE-2023-39305 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Dash Labs Yet Another Stars Rating yet-another-stars-rating allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yet Another Stars Rating: from n/a through <= 3.4.3. | |||||
| CVE-2023-35037 | 2026-04-29 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in Surfer Surfer surferseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through <= 1.3.2.357. | |||||
| CVE-2023-33994 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through <= 5.0.5.1. | |||||
| CVE-2023-33215 | 2026-04-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3. | |||||
| CVE-2023-32299 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Sales Report ni-woocommerce-sales-report allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Sales Report: from n/a through <= 3.7.3. | |||||
| CVE-2022-47168 | 2026-04-29 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in printful Printful Integration for WooCommerce printful-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooCommerce: from n/a through <= 2.2.3. | |||||
| CVE-2012-4245 | 1 Gimp | 1 Gimp | 2026-04-29 | 6.8 MEDIUM | N/A |
| The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. | |||||
| CVE-2026-1153 | 1 Technical-laohu | 1 Mpay | 2026-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2025-13063 | 2026-04-29 | 7.5 HIGH | 7.3 HIGH | ||
| A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints are affected. | |||||
| CVE-2025-13179 | 1 Bdtask | 1 Wholesale | 2026-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. This issue affects some unknown processing. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||