Search Results (10571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31821 | 1 Sylius | 1 Sylius | 2026-04-16 | 5.3 Medium |
| Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/{tokenValue}/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue can add arbitrary items to another customer's cart. The endpoint returns the full cart representation in the response (HTTP 201). The issue is fixed in versions: 2.0.16, 2.1.12, 2.2.3 and above. | ||||
| CVE-2026-31834 | 1 Umbraco | 1 Umbraco Cms | 2026-04-16 | 7.2 High |
| Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, a privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group memberships. The affected functionality does not properly validate whether a user has sufficient privileges to assign highly privileged roles. This vulnerability is fixed in 16.5.1 and 17.2.2. | ||||
| CVE-2026-35645 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 8.1 High |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged operations with unintended administrative scope. | ||||
| CVE-2026-1004 | 2 Wordpress, Wpdevteam | 2 Wordpress, Essential Addons For Elementor | 2026-04-16 | 5.3 Medium |
| The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product information for products with draft, pending, or private status, which should normally be restricted. | ||||
| CVE-2026-22461 | 2 Webappick, Wordpress | 2 Ctx Feed, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CTX Feed: from n/a through <= 6.6.18. | ||||
| CVE-2026-24566 | 2 Inet, Wordpress | 2 Inet Webkit, Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iNET Webkit: from n/a through <= 1.2.4. | ||||
| CVE-2026-24945 | 2 Themefic, Wordpress | 2 Ultimate Addons For Contact Form 7, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.34. | ||||
| CVE-2026-24957 | 2 Wordpress, Wpchill | 2 Wordpress, Strong Testimonials | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through <= 3.2.20. | ||||
| CVE-2026-24995 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.0. | ||||
| CVE-2026-24997 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wired Impact Volunteer Management: from n/a through <= 2.8. | ||||
| CVE-2026-25036 | 2 Wordpress, Wpchill | 2 Wordpress, Passster | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Passster: from n/a through <= 4.2.25. | ||||
| CVE-2026-23545 | 2 Arubadev, Wordpress | 2 Aruba Hispeed Cache, Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aruba HiSpeed Cache: from n/a through <= 3.0.4. | ||||
| CVE-2026-23547 | 2 Cmsmasters, Wordpress | 2 Cmsmasters Content Composer, Wordpress | 2026-04-16 | 7.1 High |
| Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8. | ||||
| CVE-2026-23804 | 2 Bbr Plugins, Wordpress | 2 Better Business Reviews, Wordpress | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Business Reviews: from n/a through <= 0.1.1. | ||||
| CVE-2026-25318 | 2 Wisernotify Team, Wordpress | 2 Wiserreview Product Reviews For Woocommerce, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9. | ||||
| CVE-2026-25321 | 2 Psm Plugins, Wordpress | 2 Supportcandy, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SupportCandy: from n/a through <= 3.4.4. | ||||
| CVE-2026-25386 | 2 Elementor, Wordpress | 2 Ally, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ally: from n/a through <= 4.0.2. | ||||
| CVE-2026-25388 | 2 Scripteo, Wordpress | 2 Ads Pro, Wordpress | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads Pro: from n/a through <= 5.0. | ||||
| CVE-2026-25395 | 2 Ikreatethemes, Wordpress | 2 Business Roy, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business Roy: from n/a through <= 1.1.4. | ||||
| CVE-2026-25407 | 2 Cookiebot, Wordpress | 2 Cookiebot, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookiebot: from n/a through <= 4.6.4. | ||||