Total
4934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13801 | 2025-03-27 | N/A | 8.1 HIGH | ||
| The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | |||||
| CVE-2025-30803 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Greg Ross Just Writing Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Writing Statistics: from n/a through 5.3. | |||||
| CVE-2025-24972 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats. | |||||
| CVE-2025-30790 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in alexvtn Chatbox Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chatbox Manager: from n/a through 1.2.2. | |||||
| CVE-2025-2110 | 2025-03-27 | N/A | 8.8 HIGH | ||
| The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to compromise the site in various ways depending on the specific function exploited - for example, by retrieving sensitive settings and configuration details, or by altering and deleting them, thereby disclosing sensitive information, disrupting the plugin’s functionality, and potentially impacting overall site performance. | |||||
| CVE-2025-30767 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0. | |||||
| CVE-2025-30772 | 2025-03-27 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4. | |||||
| CVE-2025-30877 | 2025-03-27 | N/A | 2.7 LOW | ||
| Missing Authorization vulnerability in fatcatapps Quiz Cat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz Cat: from n/a through 3.0.8. | |||||
| CVE-2025-30828 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29. | |||||
| CVE-2025-30839 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.2.1. | |||||
| CVE-2025-22667 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2. | |||||
| CVE-2025-30817 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in wpzita Z Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Z Companion: from n/a through 1.0.13. | |||||
| CVE-2025-22770 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6. | |||||
| CVE-2025-30861 | 2025-03-27 | N/A | 4.9 MEDIUM | ||
| Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.6.29. | |||||
| CVE-2025-30887 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.2.9. | |||||
| CVE-2025-30809 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4. | |||||
| CVE-2025-22670 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.7.2. | |||||
| CVE-2025-30874 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through 0.5.3. | |||||
| CVE-2025-30824 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Israpil Textmetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through 3.6.1. | |||||
| CVE-2025-30864 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through 1.2.2. | |||||