Total
7793 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8430 | 1 Spicethemes | 1 Spice Starter Sites | 2026-04-15 | 5.3 Medium |
| The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content. | ||||
| CVE-2025-5185 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-13810 | 2026-04-15 | 4.3 Medium | ||
| The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo content and overwrite the site. | ||||
| CVE-2023-36683 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through 2.7.8. | ||||
| CVE-2024-32805 | 1 Social Snap | 1 Social Snap | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5. | ||||
| CVE-2025-8505 | 1 495300897 | 1 Wx-shop | 2026-04-15 | 4.3 Medium |
| A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2023-40608 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.2 High |
| Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3. | ||||
| CVE-2025-64219 | 2 Strategy11, Wordpress | 2 Business Directory Plugin - Easy Listing Directories, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18. | ||||
| CVE-2023-37872 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.5. | ||||
| CVE-2024-1137 | 2026-04-15 | 4.3 Medium | ||
| The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. | ||||
| CVE-2025-64248 | 2 Emarketdesign, Wordpress | 2 Request A Quote, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in emarket-design Request a Quote request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Request a Quote: from n/a through <= 2.5.3. | ||||
| CVE-2024-22272 | 1 Vmware | 1 Cloud Director | 2026-04-15 | 4.9 Medium |
| VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope. | ||||
| CVE-2024-0900 | 1 Wordpress | 1 Elespare | 2026-04-15 | 4.3 Medium |
| The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts. | ||||
| CVE-2025-15041 | 2 Wordpress, Wp Media | 2 Wordpress, Backwpup – Wordpress Backup & Restore Plugin | 2026-04-15 | 7.2 High |
| The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-13424 | 2026-04-15 | 4.3 Medium | ||
| The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and modify commission amounts. | ||||
| CVE-2025-66165 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through <= 1.1.7. | ||||
| CVE-2024-1119 | 1 Adrian Emil Tudorache | 1 Order Tip | 2026-04-15 | 5.3 Medium |
| The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees. | ||||
| CVE-2023-51523 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in WriterSystem WooCommerce Easy Duplicate Product.This issue affects WooCommerce Easy Duplicate Product: from n/a through 0.3.0.7. | ||||
| CVE-2023-52179 | 2 Webcodingplace, Wordpress | 2 Product Expiry For Woocommerce, Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in WebCodingPlace Product Expiry for WooCommerce.This issue affects Product Expiry for WooCommerce: from n/a through 2.5. | ||||
| CVE-2025-53499 | 2026-04-15 | 9.1 Critical | ||
| Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. | ||||