Search Results (11848 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-2476 2026-04-15 4.3 Medium
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys.
CVE-2024-28394 1 Advancedplugins 1 Reportsstatistics 2026-04-15 9.8 Critical
An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.
CVE-2024-2848 1 Cyberchimps 1 Responsive 2026-04-15 7.5 High
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer.
CVE-2024-28627 1 Flipsnack 1 Flipsnack 2026-04-15 7.5 High
An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.
CVE-2024-2962 1 Codesupplyco 1 Networker Technews Wordpress Theme With Dark Mode 2026-04-15 5.3 Medium
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus.
CVE-2024-30217 2026-04-15 4.3 Medium
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.
CVE-2024-31118 2 Smartypantsplugins, Wordpress 2 Sp Project & Document Manager, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70.
CVE-2024-3206 2026-04-15 4.3 Medium
The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate menus.
CVE-2024-32146 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through 6.3.1.
CVE-2024-32148 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0.
CVE-2024-3275 2026-04-15 4.3 Medium
The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts including those of draft and pending posts.
CVE-2024-3277 2 Wordpress, Yumpu 2 Wordpress, Yumpu Epaper Publishing 2026-04-15 5 Medium
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key.
CVE-2024-32779 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Avirtum Vision Interactive.This issue affects Vision Interactive: from n/a through 1.7.1.
CVE-2024-32783 2026-04-15 4.3 Medium
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0.
CVE-2024-32787 2 Copy Content Protection Team, Wordpress 2 Secure Copy Content Protection And Content Locking, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.
CVE-2024-32797 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.
CVE-2024-32802 2026-04-15 5.3 Medium
Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32.
CVE-2024-32804 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.
CVE-2024-32805 1 Social Snap 1 Social Snap 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5.
CVE-2024-32813 1 Softlab 1 Integrate Google Drive 2026-04-15 5.3 Medium
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.9.