Total
6630 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4872 | 1 Chained Products Project | 1 Chained Products | 2025-03-27 | N/A | 4.3 MEDIUM |
| The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' | |||||
| CVE-2024-30234 | 1 Wpxpo | 1 Wholesalex | 2025-03-27 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | |||||
| CVE-2024-13801 | 2025-03-27 | N/A | 8.1 HIGH | ||
| The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | |||||
| CVE-2025-2224 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible for unauthenticated attackers to update the post_status of any post to 'publish'. | |||||
| CVE-2025-2276 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate/deactivate plugin modules. | |||||
| CVE-2025-30772 | 2025-03-27 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce allows Privilege Escalation. This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through 3.0.4. | |||||
| CVE-2025-30790 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in alexvtn Chatbox Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chatbox Manager: from n/a through 1.2.2. | |||||
| CVE-2025-30803 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Greg Ross Just Writing Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Writing Statistics: from n/a through 5.3. | |||||
| CVE-2025-30767 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.3.0. | |||||
| CVE-2025-30866 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Terms & Conditions Per Product: from n/a through 1.2.15. | |||||
| CVE-2025-30896 | 2025-03-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.13.4. | |||||
| CVE-2025-30864 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through 1.2.2. | |||||
| CVE-2025-22668 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2. | |||||
| CVE-2025-30909 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through 7.2.3. | |||||
| CVE-2025-30883 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in richplugins Trust.Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trust.Reviews: from n/a through 2.3. | |||||
| CVE-2025-30828 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29. | |||||
| CVE-2025-30830 | 2025-03-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Hossni Mubarak Cool Author Box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cool Author Box: from n/a through 2.9.9. | |||||
| CVE-2025-22647 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2. | |||||
| CVE-2025-30874 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through 0.5.3. | |||||
| CVE-2025-30851 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Tickera Tickera allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through 3.5.5.2. | |||||