Total
6630 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32218 | 2025-04-07 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4. | |||||
| CVE-2025-31381 | 2025-04-07 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3. | |||||
| CVE-2025-32231 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Bookingor Bookingor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bookingor: from n/a through 1.0.6. | |||||
| CVE-2025-32229 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Bowo Variable Inspector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Variable Inspector: from n/a through 2.6.3. | |||||
| CVE-2025-32235 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.9.4. | |||||
| CVE-2025-32253 | 2025-04-07 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ComMotion Course Booking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Course Booking System: from n/a through 6.0.5. | |||||
| CVE-2025-32246 | 2025-04-07 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1-Click Backup & Restore Database: from n/a through 1.0.3. | |||||
| CVE-2025-32232 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in ERA404 StaffList allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects StaffList: from n/a through 3.2.6. | |||||
| CVE-2025-32277 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211. | |||||
| CVE-2025-1233 | 2025-04-07 | N/A | 4.3 MEDIUM | ||
| The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site. | |||||
| CVE-2025-2933 | 2025-04-07 | N/A | 8.8 HIGH | ||
| The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-0893 | 1 Schemaapp | 1 Schema App Structured Data | 2025-04-04 | N/A | 4.3 MEDIUM |
| The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata. | |||||
| CVE-2020-22007 | 1 Okerthai | 2 G955v1, G955v1 Firmware | 2025-04-04 | N/A | 6.8 MEDIUM |
| OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges. | |||||
| CVE-2024-1376 | 1 Avecnous | 1 Event Post | 2025-04-04 | N/A | 4.3 MEDIUM |
| The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data. | |||||
| CVE-2024-38748 | 1 Theinnovs | 1 Eleforms | 2025-04-04 | N/A | 5.3 MEDIUM |
| Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9. | |||||
| CVE-2024-43142 | 1 Themeum | 1 Tutor Lms | 2025-04-04 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3. | |||||
| CVE-2024-43136 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2025-04-04 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1. | |||||
| CVE-2022-44626 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2025-04-04 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20. | |||||
| CVE-2024-4858 | 1 Uapp | 1 Testimonial Carousel For Elementor | 2025-04-04 | N/A | 5.3 MEDIUM |
| The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature. | |||||
| CVE-2025-24654 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2025-04-04 | N/A | 7.1 HIGH |
| Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05. | |||||