Total: 6603 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33948 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-13 | 5.3 Medium |
| The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. | ||||
| CVE-2025-8310 | 1 Ivanti | 1 Virtual Application Delivery Controller | 2026-01-12 | 6.5 Medium |
| Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password. | ||||
| CVE-2026-0628 | 1 Google | 1 Chrome | 2026-01-12 | 8.8 High |
| Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2025-58192 | 3 Wordpress, Xylus Themes, Xylusthemes | 3 Wordpress, Wp Bulk Delete, Wp Bulk Delete | 2026-01-12 | 4.3 Medium |
| Missing Authorization vulnerability in Xylus Themes WP Bulk Delete allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Bulk Delete: from n/a through 1.3.6. | ||||
| CVE-2025-11191 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 5.3 Medium |
| The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site. | ||||
| CVE-2015-10140 | 1 Connekthq | 1 Ajax Load More | 2026-01-09 | 8.8 High |
| The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files. | ||||
| CVE-2025-30881 | 2 Themehunk, Wordpress | 2 Big Store, Wordpress | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8. | ||||
| CVE-2025-30990 | 1 Themehunk | 1 Mega Menu | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1. | ||||
| CVE-2022-40218 | 1 Themehunk | 1 Advance Product Search | 2026-01-09 | 6.5 Medium |
| Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. | ||||
| CVE-2024-37505 | 1 Rarathemes | 1 Business One Page | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business One Page: from n/a through 1.2.9. | ||||
| CVE-2025-9637 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-01-09 | 6.5 Medium |
| The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload. | ||||
| CVE-2025-13679 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-01-09 | 6.5 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate order IDs and exfiltrate sensitive data (PII), such as student name, email address, phone number, and billing address. | ||||
| CVE-2026-22522 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 6.5 Medium |
| Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through 2.2.3. | ||||
| CVE-2026-22487 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Speed Kit: from n/a through 2.0.2. | ||||
| CVE-2026-22517 | 2 Passionate Brains, Wordpress | 2 Ga4wp, Wordpress | 2026-01-09 | 5.4 Medium |
| Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0. | ||||
| CVE-2026-22488 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 5.3 Medium |
| Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8. | ||||
| CVE-2026-22486 | 2 Hakob, Wordpress | 2 Re Gallery Responsive Photo Gallery Plugin, Wordpress | 2026-01-09 | 5.3 Medium |
| Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18. | ||||
| CVE-2026-22492 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Docket Cache: from n/a through 24.07.04. | ||||
| CVE-2026-22490 | 2 Niklaslindemann, Wordpress | 2 Bulk Landing Page Creator For Wordpress Lpagery, Wordpress | 2026-01-09 | 5.4 Medium |
| Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9. | ||||
| CVE-2025-9294 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-01-09 | 4.3 Medium |
| The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results. | ||||