Total
4840 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47526 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Variation Swatches for WooCommerce: from n/a through 3.0.4. | |||||
| CVE-2025-47450 | 2025-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Mitchell Bennis Simple File List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through 6.1.13. | |||||
| CVE-2025-47469 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0. | |||||
| CVE-2025-47471 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in EnvoThemes Envo Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through 1.9.9. | |||||
| CVE-2025-47467 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in GS Plugins GS Testimonial Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through 3.3.0. | |||||
| CVE-2025-47528 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in pewilliams Ovation Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ovation Elements: from n/a through 1.1.2. | |||||
| CVE-2025-47472 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1. | |||||
| CVE-2025-47486 | 2025-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in CyberChimps Gutenberg & Elementor Templates Importer For Responsive allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Gutenberg & Elementor Templates Importer For Responsive: from n/a through 3.1.9. | |||||
| CVE-2025-47457 | 2025-05-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16. | |||||
| CVE-2025-47692 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3. | |||||
| CVE-2025-20164 | 2025-05-08 | N/A | 8.3 HIGH | ||
| A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5. | |||||
| CVE-2025-47602 | 2025-05-08 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through 1.3.5. | |||||
| CVE-2025-47591 | 2025-05-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CreedAlly Bulk Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Featured Image: from n/a through 1.2.1. | |||||
| CVE-2022-41797 | 1 Lemon8 Project | 1 Lemon8 | 2025-05-07 | N/A | 6.5 MEDIUM |
| Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2024-28216 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | 5.4 MEDIUM |
| nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | |||||
| CVE-2024-28215 | 1 Naver | 1 Ngrinder | 2025-05-07 | N/A | 7.5 HIGH |
| nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery. | |||||
| CVE-2025-0856 | 2025-05-07 | N/A | 7.3 HIGH | ||
| The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options. | |||||
| CVE-2025-3766 | 2025-05-07 | N/A | 5.4 MEDIUM | ||
| The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a valid nonce that can be used to generate a global unlock key, which can in turn be used to add arbitrary IP address to the plugin allowlist. This can only by exploited on new installations where the site administrator hasn't visited the loginlockdown page yet. | |||||
| CVE-2025-2821 | 2025-05-07 | N/A | 5.3 MEDIUM | ||
| The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results. | |||||
| CVE-2024-2702 | 1 Olivethemes | 1 Olive One Click Demo Import | 2025-05-07 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | |||||