Total
4899 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-5486 | 2025-06-06 | N/A | 9.8 CRITICAL | ||
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account. | |||||
CVE-2025-1778 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option. | |||||
CVE-2025-48784 | 2025-06-06 | N/A | N/A | ||
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization. | |||||
CVE-2025-49320 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11. | |||||
CVE-2025-28985 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2. | |||||
CVE-2025-30932 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
Missing Authorization vulnerability in WP Compress WP Compress for MainWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Compress for MainWP: from n/a through 6.30.32. | |||||
CVE-2025-49246 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
Missing Authorization vulnerability in cmoreira Testimonials Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonials Showcase: from n/a through 1.9.16. | |||||
CVE-2025-28997 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | |||||
CVE-2025-30990 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1. | |||||
CVE-2025-30945 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3. | |||||
CVE-2025-48335 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0. | |||||
CVE-2025-49236 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0. | |||||
CVE-2025-30624 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4. | |||||
CVE-2025-24778 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3. | |||||
CVE-2025-30636 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
Missing Authorization vulnerability in Ability, Inc Accessibility Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through 4.19. | |||||
CVE-2025-24776 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0. | |||||
CVE-2025-30927 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from n/a through 1.7.0. | |||||
CVE-2025-30958 | 2025-06-06 | N/A | 5.4 MEDIUM | ||
Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects onOffice for WP-Websites: from n/a through 5.7. | |||||
CVE-2025-28995 | 2025-06-06 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. | |||||
CVE-2025-49293 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2. |