| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through <= 1.87. |
| The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes. |
| Missing Authorization vulnerability in Mat Bao Corporation WP Helper Premium wp-helper-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Helper Premium: from n/a through <= 4.6.1. |
| Missing Authorization vulnerability in Space Codes AI for SEO ai-for-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through <= 1.2.9. |
| Missing Authorization vulnerability in AndonDesign uDesign udesign.This issue affects uDesign: from n/a through <= 4.11.2. |
| Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8. |
| Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.45. |
| V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows normal users to gain administrative access by manipulating the user role parameter. Attackers can send a crafted HTTP POST request to the user management endpoint with 'user_role_mod' set to integer value '1' to elevate their privileges. |
| Missing Authorization vulnerability in Phillip Dane Joy Of Text Lite joy-of-text.This issue affects Joy Of Text Lite: from n/a through <= 2.3.1. |
| Missing Authorization vulnerability in Hardik Sticky Header On Scroll sticky-header-on-scroll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header On Scroll: from n/a through <= 1.0. |
| Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0. |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. |
| Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a through <= 3.0.7. |
| Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form elastic-email-subscribe-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Subscribe Form: from n/a through <= 1.2.2. |
| Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4. |
| Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chatbox Manager: from n/a through <= 1.2.2. |
| The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts. |
| The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ftp_details' AJAX action in all versions up to, and including, 7.27. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a configured set of SFTP/FTP credentials. |
| SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application. |
| Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19. |
