Search Results (11689 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-37443 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0.
CVE-2024-37477 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5.
CVE-2024-37516 2026-04-15 6.3 Medium
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2.
CVE-2023-40672 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.
CVE-2024-10673 1 Themehunk 1 Top Store 2026-04-15 8.8 High
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
CVE-2024-38727 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
CVE-2024-38743 1 Upqode 1 Plum 2026-04-15 5.3 Medium
Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.
CVE-2025-48042 1 Ash-project 1 Ash 2026-04-15 N/A
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5, 'Elixir.Ash.Actions.Destroy.Bulk':run/6, 'Elixir.Ash.Actions.Update.Bulk:run'/6. This issue affects ash: from pkg:hex/ash before pkg:hex/[email protected], before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.
CVE-2024-48546 1 Shenzhen Yingsheng Technology Co 1 Wear Sync Firmware 2026-04-15 8.4 High
Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2025-0580 1 Opencart 1 Opencart 2026-04-15 5.6 Medium
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_api&action=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to incorrect authorization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-53499 2026-04-15 9.1 Critical
Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.
CVE-2025-53495 2026-04-15 9.1 Critical
Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.
CVE-2025-5288 2026-04-15 9.8 Critical
The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.
CVE-2025-2201 2026-04-15 N/A
Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain sensitive information about other users such as public IP addresses, messages with other users and more.
CVE-2024-53938 1 Victure 1 Rx1800 Firmware 2026-04-15 8.8 High
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication.
CVE-2024-32797 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.
CVE-2024-32821 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9.
CVE-2025-9228 1 Mobile-industrial-robots 5 Mir100, Mir1000, Mir200 and 2 more 2026-04-15 4.3 Medium
MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.
CVE-2022-45811 1 Wordpress 1 Wordpress 2026-04-15 5.4 Medium
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
CVE-2023-40004 2026-04-15 7.3 High
Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79.