Search Results (8465 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5992 2 Cliengo, Wordpress 2 Cliengo-chatbot, Wordpress 2026-04-15 6.5 Medium
The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to change chatbot settings, which can lead to unavailability or other changes to the chatbot.
CVE-2024-38719 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.1.2.
CVE-2024-38721 2 Spider-themes, Wordpress 2 Eazydocs, Wordpress 2026-04-15 7.1 High
Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.5.0.
CVE-2024-7621 1 Wpfeedback 1 Visual Website Collaboration 2026-04-15 5.4 Medium
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin's settings.
CVE-2024-37214 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS.This issue affects Ali2Woo Lite: from n/a through 3.3.5.
CVE-2024-38727 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
CVE-2024-37276 1 Fifu 1 Featured Image From Url 2026-04-15 5.3 Medium
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.
CVE-2024-38743 1 Upqode 1 Plum 2026-04-15 5.3 Medium
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
CVE-2024-38777 2026-04-15 6.5 Medium
Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.
CVE-2025-67474 2 Ultimatemember, Wordpress 2 Forumwp, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Ultimate Member ForumWP forumwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ForumWP: from n/a through <= 2.1.4.
CVE-2025-42984 2026-04-15 5.4 Medium
SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.
CVE-2024-4102 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like editing pricing tables.
CVE-2025-67572 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
CVE-2025-68043 2 Lottiefiles, Wordpress 2 Lottiefiles, Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.
CVE-2025-60045 2 Themeatelier, Wordpress 2 Idonate, Wordpress 2026-04-15 7.5 High
Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects IDonatePro: from n/a through <= 2.1.11.
CVE-2024-4139 2026-04-15 4.3 Medium
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
CVE-2025-62996 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Code Amp Custom Layouts – Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through <= 1.4.12.
CVE-2024-4355 2026-04-15 4.3 Medium
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.23. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose visitor data.
CVE-2024-2222 2026-04-15 4.3 Medium
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_callback_delete_attachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber access or higher, to delete arbitrary media uploads.
CVE-2024-4199 2026-04-15 4.3 Medium
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to invoke their corresponding functions. This may lead to post creation and duplication, post content retrieval, post taxonomy manipulation.