Total
7017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14609 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive analytics data including administrator usernames, login timestamps, visitor tracking information, and business intelligence data via the 'name' parameter granted they can send unauthenticated requests. | |||||
| CVE-2026-0687 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mb_gallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and above, to create and publish galleries. | |||||
| CVE-2026-0593 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings. | |||||
| CVE-2025-14629 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media attachments. | |||||
| CVE-2025-15516 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary string-based user meta keys for their own account. | |||||
| CVE-2023-47762 | 1 Wpdeveloper | 1 Betterdocs | 2026-01-23 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2. | |||||
| CVE-2025-30880 | 1 Joomsky | 1 Js Help Desk | 2026-01-23 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2. | |||||
| CVE-2025-31868 | 1 Joomsky | 1 Js Job Manager | 2026-01-23 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||
| CVE-2022-46838 | 1 Joomsky | 1 Js Help Desk | 2026-01-23 | N/A | 9.1 CRITICAL |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
| CVE-2022-46840 | 1 Joomsky | 1 Js Help Desk | 2026-01-23 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
| CVE-2022-47176 | 1 Averta | 1 Depicter Slider | 2026-01-23 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0. | |||||
| CVE-2023-44258 | 1 Schemaapp | 1 Schema App Structured Data | 2026-01-23 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1. | |||||
| CVE-2023-45104 | 1 Wpdeveloper | 1 Betterlinks | 2026-01-23 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0. | |||||
| CVE-2023-47179 | 1 Byconsole | 1 Wooodt Lite | 2026-01-23 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through 2.4.6. | |||||
| CVE-2023-39994 | 1 Reputeinfosystems | 1 Armember | 2026-01-23 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2. | |||||
| CVE-2025-59968 | 1 Juniper | 19 Space Security Director, Srx1500, Srx1600 and 16 more | 2026-01-23 | N/A | 8.6 HIGH |
| A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls. This issue affects Junos Space Security Director * all versions prior to 24.1R3 Patch V4 This issue does not affect managed cSRX Series devices. | |||||
| CVE-2024-31270 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2026-01-23 | N/A | 7.6 HIGH |
| Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | |||||
| CVE-2023-47788 | 1 Automattic | 1 Jetpack | 2026-01-23 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7. | |||||
| CVE-2025-52954 | 1 Juniper | 1 Junos Os Evolved | 2026-01-23 | N/A | 7.8 HIGH |
| A Missing Authorization vulnerability in the internal virtual routing and forwarding (VRF) of Juniper Networks Junos OS Evolved allows a local, low-privileged user to gain root privileges, leading to a system compromise. Any low-privileged user with the capability to send packets over the internal VRF can execute arbitrary Junos commands and modify the configuration, and thus compromise the system. This issue affects Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4 before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S5-EVO, * from 24.2 before 24.2R2-S1-EVO * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO. | |||||
| CVE-2025-14757 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2026-01-23 | N/A | 5.3 MEDIUM |
| The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX action being registered via wp_ajax_nopriv, making it accessible to unauthenticated users, and the complete() function only verifying a nonce without checking user capabilities or order ownership. Since nonces are exposed to all visitors via window.ccb_nonces in the page source, any unauthenticated attacker can mark any order's payment status as "completed" without actual payment. | |||||