Total
7132 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1280 | 2026-01-29 | N/A | 7.5 HIGH | ||
| The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files via email by supplying a file ID. Since file IDs are sequential integers, attackers can enumerate all uploaded files on the site and exfiltrate sensitive data that was intended to be restricted to administrators only. | |||||
| CVE-2025-14386 | 2026-01-29 | N/A | 8.8 HIGH | ||
| The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions in versions 2.4.4 to 2.5.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the 'nonce_token' authentication value to log in to the first Administrator's account. | |||||
| CVE-2025-64352 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-01-29 | N/A | 2.7 LOW |
| Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4. | |||||
| CVE-2025-67958 | 2026-01-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8. | |||||
| CVE-2025-66143 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10. | |||||
| CVE-2025-66142 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1. | |||||
| CVE-2025-66141 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. | |||||
| CVE-2025-66139 | 2026-01-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9. | |||||
| CVE-2025-68019 | 2026-01-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8. | |||||
| CVE-2025-67967 | 2026-01-29 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3. | |||||
| CVE-2025-68009 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3. | |||||
| CVE-2025-68007 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf. | |||||
| CVE-2025-68013 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through <= 2.1.2. | |||||
| CVE-2026-24529 | 2026-01-28 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7. | |||||
| CVE-2026-22447 | 2026-01-28 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1. | |||||
| CVE-2025-67939 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2. | |||||
| CVE-2025-68016 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2. | |||||
| CVE-2026-22458 | 2026-01-28 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5. | |||||
| CVE-2025-68911 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16. | |||||
| CVE-2025-68059 | 2026-01-28 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2. | |||||