Search Results (8467 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45493 2026-04-15 9.8 Critical
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password).
CVE-2024-1371 1 Wordpress 2 Leadconnector, Wordpress 2026-04-15 6.5 Medium
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts. CVE-2024-34378 is likely a duplicate of this issue.
CVE-2024-13367 2026-04-15 6.5 Medium
The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of a sandbox environment which can contain sensitive information like the wp-config.php file.
CVE-2025-6814 1 Wordpress 1 Wordpress 2026-04-15 7.5 High
The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.
CVE-2022-41995 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8.
CVE-2022-43476 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4.
CVE-2025-68024 2 Addonify, Wordpress 2 Addonify – Woocommerce Wishlist, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15.
CVE-2025-66163 2 Merkulove, Wordpress 2 Masker For Elementor, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through <= 1.1.4.
CVE-2025-66129 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0.
CVE-2025-68072 2 Merv Barrett, Wordpress 2 Easy Property Listings, Wordpress 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.20.
CVE-2025-66161 2 Merkulove, Wordpress 2 Grider For Elementor, Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: from n/a through <= 1.0.8.
CVE-2025-62996 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Code Amp Custom Layouts – Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through <= 1.4.12.
CVE-2025-36756 1 Solax 1 Solax Cloud 2026-04-15 N/A
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.
CVE-2024-6599 2 Mekshq, Wordpress 2 Meks Video Importer, Wordpress 2026-04-15 4.3 Medium
The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys. CVE-2024-38733 may be a duplicate of this issue.
CVE-2024-38737 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.
CVE-2023-3352 2026-04-15 4.3 Medium
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library.
CVE-2024-38740 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
CVE-2024-2292 2026-04-15 N/A
Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.
CVE-2024-38744 1 Upqode 1 Plum 2026-04-15 8.3 High
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
CVE-2024-6591 1 Nitesh Singh 1 Ultimate Wordpress Auction Plugin 2026-04-15 5.8 Medium
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address.