Total
7000 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0832 | 2026-01-29 | N/A | 7.3 HIGH | ||
| The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny user accounts, retrieve sensitive user information including emails and roles, and force logout of privileged users. | |||||
| CVE-2026-1280 | 2026-01-29 | N/A | 7.5 HIGH | ||
| The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files via email by supplying a file ID. Since file IDs are sequential integers, attackers can enumerate all uploaded files on the site and exfiltrate sensitive data that was intended to be restricted to administrators only. | |||||
| CVE-2025-14386 | 2026-01-29 | N/A | 8.8 HIGH | ||
| The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to 2.5.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the 'nonce_token' authentication value to log in to the first Administrator's account. | |||||
| CVE-2025-64352 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-01-29 | N/A | 2.7 LOW |
| Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4. | |||||
| CVE-2025-67958 | 2026-01-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8. | |||||
| CVE-2025-66143 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10. | |||||
| CVE-2025-66142 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1. | |||||
| CVE-2025-66141 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. | |||||
| CVE-2025-66139 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9. | |||||
| CVE-2025-68019 | 2026-01-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8. | |||||
| CVE-2025-67967 | 2026-01-29 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3. | |||||
| CVE-2025-68009 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3. | |||||
| CVE-2025-68007 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf. | |||||
| CVE-2025-68039 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0. | |||||
| CVE-2025-68020 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12. | |||||
| CVE-2025-68013 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through <= 2.1.2. | |||||
| CVE-2026-24529 | 2026-01-28 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7. | |||||
| CVE-2026-22447 | 2026-01-28 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1. | |||||
| CVE-2025-67939 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2. | |||||
| CVE-2025-58210 | 1 Thememove | 1 Makeaholic | 2026-01-28 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5. | |||||