Export limit exceeded: 10591 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10591 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24951 | 2 Saadiqbal, Wordpress | 2 Mycred, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3. | ||||
| CVE-2026-24965 | 3 Contest-gallery, Contest Gallery, Wordpress | 3 Contest Gallery, Contest Gallery, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contest Gallery: from n/a through <= 28.1.1. | ||||
| CVE-2026-24967 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38. | ||||
| CVE-2026-24982 | 2 Brainstormforce, Wordpress | 2 Spectra, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.17. | ||||
| CVE-2026-24984 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 6.5 Medium |
| Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9. | ||||
| CVE-2026-24990 | 2 Fahad Mahmood, Wordpress | 2 Wp Docs, Wordpress | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8. | ||||
| CVE-2026-24994 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.2. | ||||
| CVE-2026-25010 | 2 Illid, Wordpress | 2 Share This Image, Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09. | ||||
| CVE-2026-25011 | 2 Northern Beaches Websites, Wordpress | 2 Wp Custom Admin Interface, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41. | ||||
| CVE-2026-25012 | 1 Wordpress | 1 Wordpress | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through <= 1.11.0. | ||||
| CVE-2026-25020 | 2 Wordpress, Wp Connect | 2 Wordpress, Wp Sync For Notion | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0. | ||||
| CVE-2026-25021 | 2 Mizan Themes, Wordpress | 2 Mizan Demo Importer, Wordpress | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mizan Demo Importer: from n/a through <= 0.1.3. | ||||
| CVE-2026-25028 | 2 Elementinvader, Wordpress | 2 Elementinvader Addons For Elementor, Wordpress | 2026-04-16 | 5.4 Medium |
| Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.4.1. | ||||
| CVE-2026-1722 | 2 Wclovers, Wordpress | 2 Wcfm Marketplace – Multivendor Marketplace For Woocommerce, Wordpress | 2026-04-16 | 5.3 Medium |
| The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the `wcfm-refund-requests-form` AJAX controller. This makes it possible for unauthenticated attackers to create arbitrary refund requests for any order ID and item ID, potentially leading to financial loss if automatic refund approval is enabled in the plugin settings. | ||||
| CVE-2026-1104 | 2 Ninjateam, Wordpress | 2 Fastdup – Fastest Wordpress Migration & Duplicator, Wordpress | 2026-04-16 | 8.8 High |
| The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create and download full-site backup archives containing the entire WordPress installation, including database exports and configuration files. | ||||
| CVE-2026-1932 | 2 Bssoftware, Wordpress | 2 Appointment Booking Calendar Plugin – Bookr, Wordpress | 2026-04-16 | 5.3 Medium |
| The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API endpoint in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to modify the status of any appointment. | ||||
| CVE-2026-1906 | 2 Wordpress, Wpovernight | 2 Wordpress, Pdf Invoices & Packing Slips For Woocommerce | 2026-04-16 | 4.3 Medium |
| The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_customer_peppol_identifiers` AJAX action due to missing capability checks and order ownership validation. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify Peppol/EDI endpoint identifiers (`peppol_endpoint_id`, `peppol_endpoint_eas`) for any customer by specifying an arbitrary `order_id` parameter on systems using Peppol invoicing. This can affect order routing on the Peppol network and may result in payment disruptions and data leakage. | ||||
| CVE-2026-2126 | 2 Specialk, Wordpress | 2 User Submitted Posts – Enable Users To Submit Posts From The Front End, Wordpress | 2026-04-16 | 5.3 Medium |
| The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions. | ||||
| CVE-2026-27056 | 2 Stellarwp, Wordpress | 2 Ithemes Sync, Wordpress | 2026-04-16 | 4.3 Medium |
| Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8. | ||||
| CVE-2026-24375 | 2 Wordpress, Wpswings | 2 Wordpress, Ultimate Gift Cards For Woocommerce | 2026-04-16 | 5.3 Medium |
| Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4. | ||||