Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8626 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4010 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2026-04-15 | 8.8 High |
| The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks. | ||||
| CVE-2024-39596 | 2026-04-15 | 4.3 Medium | ||
| Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of the application. | ||||
| CVE-2024-3915 | 1 Swift Ideas | 1 Swift Framework | 2026-04-15 | 5.3 Medium |
| The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with arbitrary content. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details. | ||||
| CVE-2024-38699 | 1 Wpswings | 1 Wallet System For Woocommerce | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. | ||||
| CVE-2024-38695 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6. | ||||
| CVE-2024-38690 | 1 Ipanorama 360 Wordpress Virtual Tour Builder Project | 1 Ipanorama 360 Wordpress Virtual Tour Builder | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3. | ||||
| CVE-2024-3821 | 2026-04-15 | 7.3 High | ||
| The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to manipulate data tables. Please note this only affects the premium version of the plugin. | ||||
| CVE-2024-37935 | 1 Anhvnit | 1 Woocommerce Openpos | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4. | ||||
| CVE-2024-37926 | 1 Volkov | 1 Wp Accessibility Helper | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9. | ||||
| CVE-2024-37475 | 1 Automattic | 1 Newspack Newsletters | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2. | ||||
| CVE-2024-37468 | 1 Blazethemes | 1 Newsmatic | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1. | ||||
| CVE-2024-37456 | 1 Noptin | 1 Noptin | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2. | ||||
| CVE-2024-37443 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0. | ||||
| CVE-2024-37439 | 1 Uncannyowl | 1 Uncanny Toolkit Pro For Learndash | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0 | ||||
| CVE-2024-37427 | 1 Arraytics | 1 Timetics | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21. | ||||
| CVE-2024-37425 | 2026-04-15 | 5.4 Medium | ||
| Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8. | ||||
| CVE-2024-37276 | 1 Fifu | 1 Featured Image From Url | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1. | ||||
| CVE-2024-37269 | 1 Stylemixthemes | 1 Masterstudy Elementor Widgets | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2. | ||||
| CVE-2024-37254 | 2 Mndpsingh287, Wordpress | 2 File Manager, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7. | ||||
| CVE-2023-36683 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in WP SCHEMA PRO Schema Pro.This issue affects Schema Pro: from n/a through 2.7.8. | ||||