Total
4591 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31580 | 2025-04-02 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8. | |||||
| CVE-2025-2779 | 2025-04-02 | N/A | 6.5 MEDIUM | ||
| The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration. | |||||
| CVE-2025-31525 | 2025-04-02 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through 1.2.9. | |||||
| CVE-2025-30853 | 2025-04-02 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Adaptive Images: from n/a through 3.10.0. | |||||
| CVE-2025-3063 | 2025-04-02 | N/A | 8.8 HIGH | ||
| The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-13637 | 2025-04-02 | N/A | 6.5 MEDIUM | ||
| The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins.. | |||||
| CVE-2023-24453 | 1 Jenkins | 1 Testquality Updater | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | |||||
| CVE-2023-24448 | 1 Jenkins | 1 Rabbitmq Consumer | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. | |||||
| CVE-2023-24438 | 1 Jenkins | 1 Jira Pipeline Steps | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24436 | 1 Jenkins | 1 Github Pull Request Builder | 2025-04-02 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-24435 | 1 Jenkins | 1 Github Pull Request Builder | 2025-04-02 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-24433 | 1 Jenkins | 1 Orka By Macstadium | 2025-04-02 | N/A | 6.5 MEDIUM |
| Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2025-27666 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010. | |||||
| CVE-2025-31406 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
| Subscriber Broken Access Control in ELEX WooCommerce Request a Quote <= 2.3.3 versions. | |||||
| CVE-2025-31376 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0. | |||||
| CVE-2025-31533 | 2025-04-01 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3. | |||||
| CVE-2025-31528 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in wokamoto StaticPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaticPress: from n/a through 0.4.5. | |||||
| CVE-2025-31555 | 2025-04-01 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in ContentMX ContentMX Content Publisher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentMX Content Publisher: from n/a through 1.0.6. | |||||
| CVE-2025-31546 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Swiss Toolkit For WP: from n/a through 1.3.0. | |||||
| CVE-2025-31611 | 2025-04-01 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Post After Image Upload: from n/a through 1.6. | |||||