Total
4733 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39571 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4. | |||||
| CVE-2025-39560 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4. | |||||
| CVE-2025-39591 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3. | |||||
| CVE-2025-39552 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.200. | |||||
| CVE-2025-39602 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.9.5. | |||||
| CVE-2025-39531 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in slazzercom Slazzer Background Changer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slazzer Background Changer: from n/a through 3.14. | |||||
| CVE-2025-39545 | 2025-04-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3. | |||||
| CVE-2025-26953 | 2025-04-16 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetMenu: from n/a through 2.4.9. | |||||
| CVE-2025-30960 | 2025-04-16 | N/A | 8.3 HIGH | ||
| Missing Authorization vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8. | |||||
| CVE-2025-39513 | 2025-04-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through 0.2.46. | |||||
| CVE-2024-31099 | 1 Depicter | 1 Shortcodes And Extra Features For Phlox Theme | 2025-04-15 | N/A | 6.4 MEDIUM |
| Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7. | |||||
| CVE-2024-30477 | 1 Klarna | 1 Klarna For Woocommerce | 2025-04-15 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | |||||
| CVE-2024-53825 | 1 Ninjateam | 1 Filebird | 2025-04-15 | N/A | 4.7 MEDIUM |
| Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. | |||||
| CVE-2023-25966 | 1 Ninjateam | 1 Filebird | 2025-04-15 | N/A | 5.5 MEDIUM |
| Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4. | |||||
| CVE-2025-26959 | 2025-04-15 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Quý Lê 91 Administrator Z allows Privilege Escalation. This issue affects Administrator Z: from n/a through 2025.03.24. | |||||
| CVE-2025-3557 | 2025-04-15 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3561 | 2025-04-15 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-26741 | 2025-04-15 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation. This issue affects Email Notifications for Updates: from n/a through 1.1.6. | |||||
| CVE-2025-26958 | 2025-04-15 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in NotFound JetBlog allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetBlog: from n/a through 2.4.3. | |||||
| CVE-2025-26955 | 2025-04-15 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in VW Themes Industrial Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Industrial Lite: from n/a through 1.0.8. | |||||