Export limit exceeded: 11589 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11589 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-12018 2026-04-15 4.3 Medium
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Shortcodes.
CVE-2024-11194 1 Techlabpro1 1 Classified Listing Plugin 2026-04-15 8.8 High
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.
CVE-2024-13947 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 6 Medium
Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-38737 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
CVE-2024-5600 1 Happymonkeyagency 1 Scss Happy Compiler 2026-04-15 5.4 Medium
The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts.
CVE-2024-34442 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.
CVE-2024-13468 1 Wordpress 1 Wordpress 2026-04-15 7.5 High
The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts/pages.
CVE-2025-24479 2026-04-15 N/A
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default setting in Windows and allows access to the Command Prompt as a higher privileged user.
CVE-2025-53943 2026-04-15 N/A
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue.
CVE-2025-66140 2 Merkulove, Wordpress 2 Uper For Elementor, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
CVE-2023-40679 2 Jeweltheme, Wordpress 2 Master Addons For Elementor, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
CVE-2025-62019 2 Wordpress, Wpzoom 2 Wordpress, Recipe Card Blocks For Gutenberg & Elementor 2026-04-15 6.5 Medium
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.
CVE-2024-5768 2026-04-15 6.4 Medium
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update shipping provider information, including adding stored cross-site scripting.
CVE-2024-5769 2026-04-15 4.3 Medium
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings.
CVE-2025-68019 2 Cleverplugins, Wordpress 2 Seo Booster, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.
CVE-2019-25351 1 Centova Technologies Inc. 1 Centova Cast 2026-04-15 8.8 High
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests.
CVE-2025-69313 2 Wordpress, Wpxpo 2 Wordpress, Postx 2026-04-15 7.5 High
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.
CVE-2024-3750 2026-04-15 8.8 High
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions.
CVE-2024-6069 1 Genetech Products 5 Content Registration, Front End User Profile Login Form, Invitation Based Registrations and 2 more 2026-04-15 8.8 High
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregister_install_addon function in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins. As a result attackers might achieve code execution on the targeted server
CVE-2024-6071 2026-04-15 10 Critical
PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server.