Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31540 | 2025-04-01 | N/A | N/A | ||
| Missing Authorization vulnerability in acmemediakits ACME Divi Modules allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ACME Divi Modules: from n/a through 1.3.5. | |||||
| CVE-2025-31533 | 2025-04-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3. | |||||
| CVE-2025-31822 | 2025-04-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Simple HTML Sitemap: from n/a through 3.2. | |||||
| CVE-2025-31757 | 2025-04-01 | N/A | N/A | ||
| Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Free Woocommerce Product Table View: from n/a through 1.78. | |||||
| CVE-2025-31820 | 2025-04-01 | N/A | N/A | ||
| Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through 1.2.4. | |||||
| CVE-2025-2589 | 1 Code-projects | 1 Human Resource Management | 2025-04-01 | N/A | 9.8 CRITICAL |
| A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-24459 | 1 Jenkins | 1 Bearychat | 2025-04-01 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2025-30855 | 2025-03-31 | N/A | N/A | ||
| Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads: from n/a through 2.0.87.1. | |||||
| CVE-2025-31417 | 2025-03-31 | N/A | N/A | ||
| Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Docs: from n/a through n/a. | |||||
| CVE-2025-2266 | 2025-03-29 | N/A | 9.8 CRITICAL | ||
| The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-28155 | 1 Jenkins | 1 Appspider | 2025-03-29 | N/A | 4.3 MEDIUM |
| Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names. | |||||
| CVE-2023-52352 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-28 | N/A | 5.5 MEDIUM |
| In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed | |||||
| CVE-2025-1668 | 1 Igexsolutions | 1 Wpschoolpress | 2025-03-28 | N/A | 5.4 MEDIUM |
| The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts. | |||||
| CVE-2022-39811 | 1 Italtel | 1 Netmatch-s Ci | 2025-03-28 | N/A | 9.1 CRITICAL |
| Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). | |||||
| CVE-2025-22740 | 2025-03-28 | N/A | N/A | ||
| Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4. | |||||
| CVE-2025-2815 | 2025-03-28 | N/A | 8.8 HIGH | ||
| The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2025-31469 | 2025-03-28 | N/A | N/A | ||
| Missing Authorization vulnerability in webrangers Clear Sucuri Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clear Sucuri Cache: from n/a through 1.4. | |||||
| CVE-2025-26733 | 2025-03-28 | N/A | N/A | ||
| Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8. | |||||
| CVE-2025-22739 | 2025-03-28 | N/A | N/A | ||
| Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5. | |||||
| CVE-2025-2267 | 1 Wp01ru | 1 Wp01 | 2025-03-28 | N/A | 6.5 MEDIUM |
| The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. | |||||