Total
6616 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53806 | 2 Wordpress, Wpmaspik | 2 Wordpress, Maspik | 2025-07-14 | 5.4 Medium |
| Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7. | ||||
| CVE-2024-11724 | 1 Wpeka | 1 Wp Cookie Consent | 2025-07-14 | 4.3 Medium |
| The Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts. | ||||
| CVE-2025-6814 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.5 High |
| The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request. | ||||
| CVE-2025-5812 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings. | ||||
| CVE-2025-53304 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in Rohil Contact Form – 7 : Hide Success Message allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form – 7 : Hide Success Message: from n/a through 1.1.4. | ||||
| CVE-2025-53293 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3. | ||||
| CVE-2025-52818 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.2 High |
| Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trusty Whistleblowing: from n/a through 1.5.2. | ||||
| CVE-2025-53288 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in Adrian Ladó PlatiOnline Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PlatiOnline Payments: from n/a through 6.3.2. | ||||
| CVE-2025-53295 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in iCount iCount Payment Gateway allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects iCount Payment Gateway: from n/a through 2.0.6. | ||||
| CVE-2025-53318 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.4 Medium |
| Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1. | ||||
| CVE-2025-52817 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.2 High |
| Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Abandoned Contact Form 7: from n/a through 2.0. | ||||
| CVE-2025-52824 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.8 High |
| Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6. | ||||
| CVE-2025-53266 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0. | ||||
| CVE-2025-53284 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in pankaj.sakaria CMS Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMS Blocks: from n/a through 1.1. | ||||
| CVE-2025-50039 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in vgwort VG WORT METIS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VG WORT METIS: from n/a through 2.0.0. | ||||
| CVE-2025-47565 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.3 Medium |
| Missing Authorization vulnerability in ashanjay EventON allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventON: from n/a through 4.9.9. | ||||
| CVE-2025-47634 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 6.5 Medium |
| Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through 1.8.9. | ||||
| CVE-2025-29007 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 4.3 Medium |
| Missing Authorization vulnerability in LMSACE LMSACE Connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LMSACE Connect: from n/a through 3.4. | ||||
| CVE-2025-30929 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 5.3 Medium |
| Missing Authorization vulnerability in amazewp fluXtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through 1.6.0. | ||||
| CVE-2025-42953 | 1 Sap | 1 Netweaver | 2025-07-13 | 8.1 High |
| SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system. | ||||