Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40670 | 1 Wpdeveloper | 1 Reviewx | 2025-06-27 | N/A | N/A |
| Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17. | |||||
| CVE-2024-3609 | 1 Wpdeveloper | 1 Reviewx | 2025-06-27 | N/A | N/A |
| The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments. | |||||
| CVE-2025-6664 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-32254 | 1 Iqonic | 1 Wpbookit | 2025-06-27 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Iqonic Design WPBookit allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPBookit: from n/a through 1.0.1. | |||||
| CVE-2025-6476 | 1 Oretnom23 | 1 Gym Management System | 2025-06-27 | N/A | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Gym Management System 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6478 | 1 Codeastro | 1 Expense Management System | 2025-06-27 | N/A | 4.3 MEDIUM |
| A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. | |||||
| CVE-2025-53288 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PlatiOnline Payments: from n/a through 6.3.2. | |||||
| CVE-2025-53255 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1. | |||||
| CVE-2025-53304 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form – 7 : Hide Success Message: from n/a through 1.1.4. | |||||
| CVE-2025-53323 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1. | |||||
| CVE-2025-53284 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1. | |||||
| CVE-2025-53200 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3. | |||||
| CVE-2025-53266 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0. | |||||
| CVE-2025-53318 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1. | |||||
| CVE-2025-53295 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in iCount iCount Payment Gateway allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iCount Payment Gateway: from n/a through 2.0.6. | |||||
| CVE-2025-53293 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3. | |||||
| CVE-2025-52824 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6. | |||||
| CVE-2025-52817 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0. | |||||
| CVE-2025-52818 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2. | |||||
| CVE-2025-32281 | 2025-06-27 | N/A | N/A | ||
| Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0. | |||||