Export limit exceeded: 11824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11824 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3608 1 Pickplugins 1 Product Designer 2026-04-15 5.3 Medium
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments. CVE-2024-38726 appears to be a duplicate of this issue.
CVE-2024-3745 2026-04-15 7.8 High
MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
CVE-2024-36055 2026-04-15 5.5 Medium
Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD).
CVE-2024-3555 1 Wordpress 1 Wordpress 2026-04-15 7.2 High
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to inject arbitrary pages and malicious web scripts.
CVE-2024-3546 1 Webtoffee 1 Backup And Migration 2026-04-15 4.3 Medium
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system.
CVE-2024-34442 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.
CVE-2023-41656 3 Elementor, Wordpress, Wpdive 3 Elementor, Wordpress, Better Addons For Elementor 2026-04-15 5.4 Medium
Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.
CVE-2024-32821 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9.
CVE-2024-32820 1 Socialshare 1 Social Share Icons \& Social Share Buttons 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2.
CVE-2024-32814 2 Wordpress, Zorem 2 Wordpress, Advanced Local Pickup For Woocommerce 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1.
CVE-2024-32813 1 Softlab 1 Integrate Google Drive 2026-04-15 5.3 Medium
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.9.
CVE-2024-32805 1 Social Snap 1 Social Snap 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5.
CVE-2024-32804 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.
CVE-2024-32802 2026-04-15 5.3 Medium
Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32.
CVE-2024-32797 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.
CVE-2024-32787 2 Copy Content Protection Team, Wordpress 2 Secure Copy Content Protection And Content Locking, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.
CVE-2024-32783 2026-04-15 4.3 Medium
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0.
CVE-2024-32779 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Avirtum Vision Interactive.This issue affects Vision Interactive: from n/a through 1.7.1.
CVE-2024-3277 2 Wordpress, Yumpu 2 Wordpress, Yumpu Epaper Publishing 2026-04-15 5 Medium
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key.
CVE-2024-3275 2026-04-15 4.3 Medium
The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts including those of draft and pending posts.