Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49289 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.5.0. | |||||
| CVE-2025-24762 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19. | |||||
| CVE-2025-49248 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in cmoreira Team Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Showcase: from n/a through n/a. | |||||
| CVE-2025-28985 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2. | |||||
| CVE-2025-49287 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8. | |||||
| CVE-2025-49272 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in sergiotrinity Trinity Audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trinity Audio: from n/a through 5.20.0. | |||||
| CVE-2025-28997 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | |||||
| CVE-2025-30927 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from n/a through 1.7.0. | |||||
| CVE-2025-49441 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0. | |||||
| CVE-2025-24763 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14. | |||||
| CVE-2025-30957 | 2025-06-06 | N/A | N/A | ||
| Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2. | |||||
| CVE-2025-5486 | 2025-06-06 | N/A | 9.8 CRITICAL | ||
| The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account. | |||||
| CVE-2025-5018 | 2025-06-06 | N/A | 7.1 HIGH | ||
| The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242. | |||||
| CVE-2025-1777 | 2025-06-06 | N/A | 6.4 MEDIUM | ||
| The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-1778 | 2025-06-06 | N/A | 4.3 MEDIUM | ||
| The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option. | |||||
| CVE-2023-41802 | 1 Heateor | 1 Super Socializer | 2025-06-05 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54. | |||||
| CVE-2022-46795 | 1 Tychesoftwares | 1 Print Invoice \& Delivery Notes For Woocommerce | 2025-06-05 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2. | |||||
| CVE-2023-41695 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0. | |||||
| CVE-2022-45830 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3. | |||||
| CVE-2024-1584 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-05 | N/A | N/A |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID. | |||||