Export limit exceeded: 363406 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11590 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11590 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-43270 1 Wpbackitup 1 Wp Backitup 2026-04-15 5.3 Medium
Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50.
CVE-2024-32146 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through 6.3.1.
CVE-2024-10579 2026-04-15 4.3 Medium
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms.
CVE-2024-5864 2026-04-15 4.3 Medium
The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's settings.
CVE-2024-11851 2 Nitropack, Wordpress 2 Nitropack, Wordpress 2026-04-15 4.3 Medium
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values.
CVE-2025-5187 1 Kubernetes 1 Kubernetes 2026-04-15 6.7 Medium
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection.
CVE-2025-27822 2026-04-15 7.5 High
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the "Masquerade as user" permission.
CVE-2024-8667 2026-04-15 4.3 Medium
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for authenticated attackers, with contributor-level access and above, to publish arbitrary posts like ones they have submitted for review, or a site administrator has in draft.
CVE-2024-0900 1 Wordpress 1 Elespare 2026-04-15 4.3 Medium
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts.
CVE-2024-0629 2026-04-15 5.3 Medium
The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid.
CVE-2024-37254 2 Mndpsingh287, Wordpress 2 File Manager, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.
CVE-2025-69052 2 Fmeaddons, Wordpress 2 Registration And Login With Mobile Phone Number For Woocommerce, Wordpress 2026-04-15 9.8 Critical
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for WooCommerce: from n/a through <= 1.3.1.
CVE-2023-52227 2026-04-15 4.3 Medium
Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.
CVE-2024-38794 1 Mediaron 1 Custom Query Blocks 2026-04-15 5.3 Medium
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0.
CVE-2024-2417 1 Wpeverest 1 User Registration 2026-04-15 8.8 High
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the registration form and make the default registration role administrator. This subsequently allows the attacker to register an account as an administrator on the site.
CVE-2024-28627 1 Flipsnack 1 Flipsnack 2026-04-15 7.5 High
An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file.
CVE-2024-2086 2026-04-15 10 Critical
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers to modify plugin settings as well as allowing full read/write/delete access to the Google Drive associated with the plugin.
CVE-2025-3037 1 Yzk2356911358 1 Studentservlet-jsp 2026-04-15 4.3 Medium
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVE-2024-11929 2026-04-15 6.4 Medium
The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-68043 2 Lottiefiles, Wordpress 2 Lottiefiles, Wordpress 2026-04-15 7.3 High
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.