Export limit exceeded: 11623 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11623 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3138 | 2 Woobewoo, Wordpress | 2 Product Filter For Woocommerce By Wbw, Wordpress | 2026-04-24 | 6.5 Medium |
| The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers via `wp_ajax_nopriv_` hooks without verifying user capabilities, combined with the base controller's `__call()` magic method forwarding undefined method calls to the model layer, and the `havePermissions()` method defaulting to `true` when no permissions are explicitly defined. This makes it possible for unauthenticated attackers to truncate the plugin's `wp_wpf_filters` database table via a crafted AJAX request with `action=delete`, permanently destroying all filter configurations. | ||||
| CVE-2026-4590 | 1 Kalcaddle | 1 Kodbox | 2026-04-24 | 3.1 Low |
| A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site request forgery. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-23972 | 2 Magepeople, Wordpress | 2 Booking & Rental Manager, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.0. | ||||
| CVE-2026-25009 | 2 Rarathemes, Wordpress | 2 Education Zone, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8. | ||||
| CVE-2026-23806 | 2 Blueglass Interactive Ag, Wordpress | 2 Jobs For Wordpress, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8. | ||||
| CVE-2026-25309 | 2 Publishpress, Wordpress | 2 Publishpress Authors, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1. | ||||
| CVE-2026-22485 | 2 Ruhul080, Wordpress | 2 My Album Gallery, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through <= 1.0.4. | ||||
| CVE-2026-25365 | 2 Wordpress, Özgür Karalar | 2 Wordpress, Kargo Takip | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4. | ||||
| CVE-2026-25034 | 2 Iqonic, Wordpress | 2 Kivicare, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16. | ||||
| CVE-2026-2720 | 2 Codeclove, Wordpress | 2 Hr Press Lite, Wordpress | 2026-04-24 | 6.5 Medium |
| The Hr Press Lite plugin for WordPress is vulnerable to unauthorized access of sensitive employee data due to a missing capability check on the `hrp-fetch-employees` AJAX action in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive employee information including names, email addresses, phone numbers, salary/pay rates, employment dates, and employment status. | ||||
| CVE-2026-3335 | 2 Flightbycanto, Wordpress | 2 Canto, Wordpress | 2026-04-24 | 5.3 Medium |
| The Canto plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1 via the `/wp-content/plugins/canto/includes/lib/copy-media.php` file. This is due to the file being directly accessible without any authentication, authorization, or nonce checks, and the `fbc_flight_domain` and `fbc_app_api` URL components being accepted as user-supplied POST parameters rather than read from admin-configured options. Since the attacker controls both the destination server and the `fbc_app_token` value, the entire fetch-and-upload chain is attacker-controlled — the server never contacts Canto's legitimate API, and the uploaded file originates entirely from the attacker's infrastructure. This makes it possible for unauthenticated attackers to upload arbitrary files (constrained to WordPress-allowed MIME types) to the WordPress uploads directory. Additional endpoints (`detail.php`, `download.php`, `get.php`, `tree.php`) are also directly accessible without authentication and make requests using a user-supplied `app_api` parameter combined with an admin-configured subdomain. | ||||
| CVE-2026-2941 | 2 Plugli, Wordpress | 2 Linksy Search And Replace, Wordpress | 2026-04-24 | 8.8 High |
| The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update any database table, any value, including the wp_capabilities database field, which allows attackers to change their own role to administrator, which leads to privilege escalation. | ||||
| CVE-2026-4261 | 2 Husobj, Wordpress | 2 Expire Users, Wordpress | 2026-04-24 | 8.8 High |
| The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_fields' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. | ||||
| CVE-2026-3570 | 2 Acumenconsulting, Wordpress | 2 Smarter Analytics, Wordpress | 2026-04-24 | 5.3 Medium |
| The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for unauthenticated attackers to reset all plugin configuration and delete all per-page/per-post analytics settings via the 'reset' parameter. | ||||
| CVE-2026-3645 | 2 Punnel, Wordpress | 2 Punnel – Landing Page Builder, Wordpress | 2026-04-24 | 5.3 Medium |
| The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The save_config() function, which handles the 'punnel_save_config' AJAX action, lacks any capability check (current_user_can()) and nonce verification. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin's entire configuration including the API key via a POST request to admin-ajax.php. Once the API key is known (because the attacker set it), the attacker can use the plugin's public API endpoint (sniff_requests() at /?punnel_api=1) — which only validates requests by comparing a POST token against the stored api_key — to create, update, or delete arbitrary posts, pages, and products on the site. | ||||
| CVE-2026-3651 | 2 Hakeemnala, Wordpress | 2 Build App Online, Wordpress | 2026-04-24 | 5.3 Medium |
| The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wp_ajax_nopriv_ without proper authentication checks, capability verification, or nonce validation in the update_vendor_product() function. The function accepts a user-supplied post ID from the request and calls wp_update_post() to modify the post_author field without validating whether the user has permission to modify the specified post. This makes it possible for unauthenticated attackers to modify the post_author of arbitrary posts to 0 (orphaning posts from their legitimate authors), or for authenticated attackers to claim ownership of any post by setting themselves as the author. | ||||
| CVE-2026-4127 | 2 Charlycharm, Wordpress | 2 Speedup Optimization, Wordpress | 2026-04-24 | 4.3 Medium |
| The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_speedup01_enabled` AJAX action, does not perform any capability check via `current_user_can()` and also lacks nonce verification. This is in contrast to other AJAX handlers in the same plugin (e.g., `speedup01_ajax_install_iox` and `speedup01_ajax_delete_cache_file`) which properly check for `install_plugins` and `manage_options` capabilities respectively. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable or disable the site's optimization module by sending a POST request to admin-ajax. | ||||
| CVE-2026-3506 | 2 Larrykim, Wordpress | 2 Wp-chatbot For Messenger, Wordpress | 2026-04-24 | 5.3 Medium |
| The WP-Chatbot for Messenger plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the site's MobileMonkey API token and company ID options, which can be used to hijack chatbot configuration and redirect visitor conversations to an attacker-controlled MobileMonkey account. | ||||
| CVE-2026-40474 | 2 Wger, Wger-project | 2 Wger, Wger | 2026-04-24 | 7.6 High |
| wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an ownerless singleton, any authenticated user can modify the global gym configuration, triggering save() side effects that bulk-update user profile gym assignments — a vertical privilege escalation to installation-wide configuration control. This issue is fixed in version 2.5. | ||||
| CVE-2026-41909 | 1 Openclaw | 1 Openclaw | 2026-04-24 | 5.4 Medium |
| OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the same gateway scope. | ||||