Total
5903 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-64254 | 2025-12-11 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Ronald Huereca Photo Block photo-block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Block: from n/a through <= 1.5.1. | |||||
| CVE-2025-62153 | 2025-12-11 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Graham Quick Interest Slider quick-interest-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Interest Slider: from n/a through <= 3.1.5. | |||||
| CVE-2025-62152 | 2025-12-11 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 268.10. | |||||
| CVE-2025-62151 | 2025-12-11 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through <= 3.6.3. | |||||
| CVE-2025-12782 | 1 Fastlinemedia | 1 Beaver Builder | 2025-12-11 | N/A | 4.3 MEDIUM |
| The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the plugin not properly verifying a user's authorization in the disable() function. This makes it possible for authenticated attackers, with contributor level access and above, to disable the Beaver Builder layout on arbitrary posts and pages, causing content integrity issues and layout disruption on those pages. | |||||
| CVE-2025-62247 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-12-11 | N/A | 6.5 MEDIUM |
| Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 allows instance users to read and select unauthorized Blueprints through the Collection Providers across instances. | |||||
| CVE-2025-62100 | 2025-12-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9. | |||||
| CVE-2025-62090 | 2025-12-11 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons: from n/a through <= 3.0.2. | |||||
| CVE-2025-62086 | 2025-12-11 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.32. | |||||
| CVE-2025-62085 | 2025-12-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in berthaai BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13. | |||||
| CVE-2025-63028 | 2025-12-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6. | |||||
| CVE-2025-63015 | 2025-12-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in paysera WooCommerce Payment Gateway – Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway – Paysera: from n/a through <= 3.9.0. | |||||
| CVE-2025-10352 | 2025-12-11 | N/A | N/A | ||
| Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'. | |||||
| CVE-2025-67571 | 2025-12-10 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2. | |||||
| CVE-2025-67570 | 2025-12-10 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in GSheetConnector by WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0. | |||||
| CVE-2025-67569 | 2025-12-10 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11. | |||||
| CVE-2025-67568 | 2025-12-10 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1. | |||||
| CVE-2025-67548 | 2025-12-10 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.1. | |||||
| CVE-2025-67474 | 2025-12-10 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ForumWP: from n/a through <= 2.1.4. | |||||
| CVE-2025-67468 | 2025-12-10 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms: from n/a through <= 1.4.6. | |||||