Каталоги
В сервис интегрированы наиболее популярные публичных базы знаний:
- Сертификаты СЗИ - Государственный реестр сертифицированных средств защиты информации опубликованный Федеральной службой по техническому и экспортному контролю, может быть использован для контроля актуальности используемых СЗИ в организации.
- CWE уязвимости - общедоступная публичная база распространенных типов уязвимостей в программном и аппаратном обеспечении, которые могут иметь последствия для безопасности - Common weakness enumeration.
- CVE уязвимости - общедоступная публичная база уязвимостей Common Vulnerabilities and Exposures (CVE). Миссия программы CVE заключается в выявлении, определении и каталогизации публично раскрываемых уязвимостей в сфере кибербезопасности. Для каждой уязвимости в каталоге существует одна запись CVE. Уязвимости обнаруживаются, затем присваиваются и публикуются организациями по всему миру, которые сотрудничают с программой CVE. Партнеры публикуют записи CVE для единообразного описания уязвимостей. Специалисты в области информационных технологий и кибербезопасности используют записи CVE, чтобы убедиться, что они обсуждают одну и ту же проблему, и координировать свои усилия по определению приоритетности и устранению уязвимостей.
- БДУ ФСТЭК уязвимости - раздел Уязвимости Банка данных уязвимостей опубликованная Федеральной службой по техническому и экспортному контролю совместно с Государственным научно-исследовательским испытательным институтом проблем технической защиты информации. Одной из целей создания банка данных угроз безопасности информации является объединение специалистов в области информационной безопасности для решения задач повышения защищенности информационных систем.
- НКЦКИ уязвимости - общедоступная публичная база уязвимостей Национального координационного центра по компьютерным инцидентам (НКЦКИ), обеспечивающего координацию деятельности субъектов КИИ по обнаружению, предупреждению, ликвидации последствий компьютерных атак и реагированию на компьютерные инциденты.
- MITRE ATT&CK – Adversarial Tactics, Techniques & Common Knowledge – Тактики, техники и общеизвестные знания о злоумышленниках. Это основанная на реальных наблюдениях база знаний компании Mitre, содержащая описание тактик, приемов и методов, используемых киберпреступниками. База создана в 2013 году и регулярно обновляется, цель – составление структурированной матрицы используемых киберпреступниками приемов, чтобы упростить задачу реагирования на киберинциденты.
- БДУ ФСТЭК и Новая БДУ ФСТЭК – раздел Угрозы Банка данных угроз, опубликованный в 2015 году Федеральной службой по техническому и экспортному контролю и Государственным научно-исследовательским испытательным институтом проблем технической защиты информации, обязателен при моделировании угроз при построении систем защиты персональных данных, критической информационной инфраструктуры, государственных информационных систем.
Каталог Справка открывает раздел документации по каталогам.
Уязвимости CVE, БДУ ФСТЭК и НКЦКИ
Каталоги CVE уязвимости, БДУ ФСТЭК уязвимости и НКЦКИ уязвимости предоставляют дополнительный контент и обогащают информацией описание уязвимостей от сканеров в модуле Технические уязвимости.
Интерфейс каталогов идентичен и содержит следующие блоки:
- Метрики:
- Найденные уязвимости – отображает количество найденных в отчетах от сканеров уязвимостей которые связаны с уязвимостями из каталога, при нажатии на виджет перенаправляет в модуль Технические уязвимости с установленным фильтром по названию каталога (тип фильтра Группа уязвимостей);
- Уязвимые хосты – отображает количество хостов на которых обнаружены уязвимости связанные с уязвимостями из каталога, при нажатии на виджет перенаправляет в модуль Технические уязвимости с установленным фильтром по названию каталога (тип фильтра Группа уязвимостей).
- Табличную часть Каталог уязвимостей:
- Фильтр по полю Идентификатор - особенностью данного фильтра является автоматический разбор текста с последующим извлечением из текста идентификаторов. Для этого необходимо вставить произвольный текст с идентификаторами в поле и добавить в фильтр через кнопку плюс;
- Табличную часть с полями для каталогов CVE и БДУ ФСТЭК:
- Идентификатор - id уязвимости в базе уязвимостей;
- Описание - текстовое описание уязвимости;
- Обнаружено - флаг, данный статус отображается если уязвимость обнаружена в отчетах о сканировании;
- CVSS - числовая оценка уязвимости согласно источнику, с указанием даты выявления уязвимости экспертами, оценка отображается цветом согласно оценке CVSS 0.1 – 3.9 Low Зеленый,
4.0 – 6.9 Medium Желтый, 7.0 – 8.9 High Оранжевый, 9.0 – 10.0 Critical Красный.
- Табличную часть с полями для каталогов CVE :
- Дата бюллетеня - информация о дате публикации бюллетеня содержащего уязвимости;
- Идентификатор - id уязвимости в базе уязвимостей;
- Информация - текстовое описание уязвимости;
- Вектор атаки - локальный или сетевой вектор атаки;
- Обнаружено - флаг, данный статус отображается если уязвимость обнаружена в отчетах о сканировании;
- Наличие обновления - - флаг, данный статус отображается если база уязвимостей содержит информацию о наличии обновлений от производителя уязвимого ПО;
- Дата выявления - даты выявления уязвимости экспертами.
- Чекбокс «Только обнаруженные уязвимости» - устанавливает фильтр на табличную часть для отображения только обнаруженные уязвимости.
- Функционал для экспорта всех уязвимостей каталога.
- Для каталога добавляется функционал Варианты отображения:
- Бюллетени - изменяет отображение табличной части на реестр бюллетеней, отображает общее количество уязвимостей в бюллетени в поле Уязвимостей в бюллетени и статус по обнаружению в поле Обнаружено - данный статус отображается если хотя бы одна уязвимость из бюллетеня обнаружена в инфраструктуре.
- Уязвимости.
MITRE ATT&CK, БДУ ФСТЭК, Новая БДУ ФСТЭК
Данные из каталогов MITRE ATT&CK, БДУ ФСТЭК, Новая БДУ ФСТЭК могут использоваться для контекстного наполнения риска в модуле Риски.
Каждый из указанных каталогов сформирован по собственной схеме данных, которая не соответствует подходу оценки риска, используемому в сервисе. Но в основе своей указанные базы описывают все те же риски информационной безопасности, каждый под своим углом. Поэтому они добавлены в сервис и как отдельные компоненты и как основа для создания рисков, угроз или уязвимостей.
Каталоги могут использоваться в сервисе с целью:
- Облегчения процесса формирования рисков, угроз и уязвимостей;
- Обогащения информации по рискам (угрозам, уязвимостям) созданным в сервисе.
- Взгляда на компанию и оценку рисков через публичные каталоги угроз.
Сервис позволяет установить связь между объектами из каталогов и 3 типами объектов сервиса: угрозами, уязвимостями или рисками безопасности:
- Уязвимости могут быть связаны с угрозами БДУ ФСТЭК, техниками ATT&CK и способами реализации Новой БДУ ФСТЭК.
- Угрозы могут быть связаны с угрозами БДУ ФСТЭК, техниками ATT&CK, угрозами и последствиями Новой БДУ ФСТЭК.
- Риски могут быть связаны с угрозами БДУ ФСТЭК, техниками ATT&CK, угрозами, способами реализации и последствиями Новой БДУ ФСТЭК.
Такой широкий выбор возможных связей сделан потому, что объекты из каталогов угроз могут быть или угрозой или уязвимостью в контексте сервиса.
Например, УБИ.004 Угроза аппаратного сброса пароля BIOS из БДУ ФСТЭК в контексте сервиса является уязвимостью, особенностью активов типа Микропрограммное обеспечение, которая может привести к реализации угрозы Несанкционированного локального доступа к BIOS.
В большинстве случаев угрозы из БДУ ФСТЭК и техники из MITRE ATT@CK являются именно уязвимостями, использование которых ведет к реализации угроз безопасности, но бывают и исключения.
Для рисков, угроз и уязвимостей из базы Community связи с каталогами угроз уже установлены.
Связь с каталогом угроз может быть прямой или косвенной. Например, если уязвимость связана с угрозой из БДУ ФСТЭК то и все риски, в составе которых есть данная уязвимость будут автоматически связаны с угрозой из БДУ ФСТЭК.
Каталог БДУ ФСТЭК - это реестр рисков от банка данных угроз безопасности информации ФСТЭК России.
Каждая угроза содержит описание, рекомендации к каким типам активов может быть применена эта угроза, классификация по свойствам информации и вероятные источники угрозы. Дополнительно в блоке Связанные риски указаны связанные риски, а в блоке Каталоги указываются связи с записями из других каталогов.
Каталог Новая БДУ ФСТЭК от банка данных угроз безопасности информации ФСТЭК России содержит:
- матрицу Способы реализации (возникновения угроз) - каждая ячейка которых содержит описание поверхности атаки: группу способов, уровень возможностей нарушителя, возможные реализуемые угрозы, компоненты объектов воздействия, возможные меры защиты;
- Негативные последствия - перечень негативных последствий в классификации ФСТЭК в виде кода и описания;
- Угрозы - реестр угроз с описанием, каждая угроза содержит возможные объекты воздействия и возможные способы реализации угроз;
- Объекты - перечень объектов последствий с описанием и компонентами которые могут входить в состав объекта;
- Компоненты - перечень компонентов объектов воздействия с указанием объектов воздействия на которых они могут располагаться;
- Нарушители - уровни возможностей нарушителей классифицированные по возможностям и компетенции;
- Меры защиты - в терминологии SECURITM это список требований выполнение которых сокращает возможности нарушителя.
Каталог MITRE ATT&CK содержит:
- Матрица - содержит тактики и техники злоумышленника, позволяет на основании тактики или техники создать риск или уязвимость, в матрице указаны связи с рисками в базе Community и с рисками в базе команды;
- Тактики - направления действия нарушителя на том или ином этапе cyberkillchane;
- Техники - конкретные действия нарушителя для достижения цели на конкретном шаге cyberkillchane;
- Контрмеры - в терминологии SECURITM это список требований выполнение которых сокращает возможности нарушителя;
- Преступные группы - описание APT группировок и их особенности и модель поведения;
- Инструменты - ПО используемое нарушителями для вредоносного воздействия.
Матрицы могут использоваться для построения тепловой карты рисков наложенных на матрицы угроз и уязвимостей.
Уязвимости CWE
Каталог CWE уязвимости предоставляет дополнительный контент и обогащают информацией описание уязвимостей от сканеров в модуле Технические уязвимости.
Интерфейс каталогов идентичен и содержит следующие блоки:
- Табличную часть Каталог уязвимостей:
- Фильтр по полю Идентификатор;
- Табличную часть с полями:
- Идентификатор - id уязвимости в базе уязвимостей;
- Имя - текстовое описание уязвимости;
- Обнаружено - флаг, данный статус отображается если уязвимость обнаружена в отчетах о сканировании;
- Чекбокс «Только обнаруженные уязвимости» - устанавливает фильтр на табличную часть для отображения только обнаруженные уязвимости.
Сертификаты СЗИ
Каталог Сертификаты СЗИ может быть использован в модуле Активы как источник информации для поля Номер сертификата СЗИ. В модуле активов есть возможность вести реестр СЗИ используемых в организации, в свою очередь каталог сертификатов СЗИ позволяет связать актив с каталогом через поле актива Номер сертификата СЗИ.
Каталог Сертификаты СЗИ содержит реестр с информацией о номере сертификата, сроке действия сертификата и сроке поддержки СЗИ. Кроме реестра каталог содержит следующие метрики:
- Имеющиеся СЗИ - отображает количество активов у которых заполнено поле Номер сертификата СЗИ;
- Скоро будут просрочены - отображает количество активов у которых срок действия сертификата меньше 90 календарных дней;
- Просроченные сертификаты - отображает количество активов у которых срок действия сертификата уже истек;
- Истекшая поддержка - отображает количество активов у которых срок действия сертификата уже истек.
Каждая метрика ведёт в реестр активов и выводит список СЗИ, отфильтрованный по соответствующим параметрам.
Нажав на просмотр сертификата, мы увидим карточку сертификата, сервис хранит информацию о следующих данных:
- Номер сертификата;
- Дата внесения в реестр;
- Срок действия сертификата;
- Срок окончания тех. поддержки;
- Наименование средства (шифр);
- Схема сертификации;
- Испытательная лаборатория;
- Орган по сертификации;
- Заявитель;
- Наименования документов соответствия;
- Реквизиты заявителя.
Реестр обновляется автоматически один раз в месяц.
Куда я попал?
CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
| Тип уязвимости: | Не зависит от других уязвимостей |
| Вероятность эксплойта: |
High
|
Идентификаторы ФСТЭК уязвимостей
Идентификатор, базы данных общеизвестных уязвимостей информационной безопасности
| Идентификатор | Описание |
|---|---|
| BDU:2014-00033 | Уязвимость операционной системы Cisco IOS, позволяющая злоумышленнику повысить привилегии и выполнять произвольный код |
| BDU:2018-00869 | Уязвимость функции browser.identity.launchWebAuthFlow расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2019-03693 | Уязвимость подсистемы UDF систем управления базами данных "Ред База Данных" и Firebird, позволяющая нарушителю выполнить произвольный код |
| BDU:2019-03811 | Уязвимость централизованной службы для поддержки информации о конфигурации, именования, обеспечения распределенной синхронизации и предоставления групповых служб Apache ZooKeeper, позволяющая нарушителю записать произвольные файлы в операционной сист... |
| BDU:2019-04342 | Уязвимость набора инструментов DevTools браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к локальным файлам |
| BDU:2020-00045 | Уязвимость программного обеспечения для интеграции корпоративных приложений SAP NetWeaver Process Integration, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2020-00569 | Уязвимость программного обеспечения SAP Leasing, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2020-00804 | Уязвимость службы keystore программной интеграционной платформы SAP NetWeaver, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2020-00886 | Уязвимость веб-интерфейса администрирования платформы управления политиками соединений Cisco Identity Services Engine, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2020-01324 | Уязвимость функции base_sock_create из drivers/isdn/mISDN/socket.c модуля AF_ISDN ядра операционной системы Linux, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных |
| BDU:2020-01488 | Уязвимость компонента arch/powerpc/kernel/process.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации |
| BDU:2020-02043 | Уязвимость системы ввода для записи нескольких языков в Unix-подобных операционных системах ibus, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность |
| BDU:2020-03122 | Уязвимость программного средства администрирования лицензий Cisco Smart Software Manager On-Prem, связанная с недостатками контроля доступа, позволяющая нарушителю создавать произвольные учетные записи пользователей |
| BDU:2020-04370 | Уязвимость компонента Windows Mobile Device Management (MDM) Diagnostics операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2020-04607 | Уязвимость веб-интерфейса операционной системы Cisco IOS XE, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код |
| BDU:2020-04947 | Уязвимость компонента "file transfer" сервера TIBCO Managed File Transfer Platform Server, позволяющая нарушителю изменить произвольные файлы |
| BDU:2020-05604 | Уязвимость обработчика PDF-содержимого PDFium веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2020-05613 | Уязвимость компонента Networking веб-браузера Google Chrome, позволяющая нарушителю повысить свои привилегии |
| BDU:2020-05638 | Уязвимость микропрограммного обеспечения модульного контроллера для автоматизации трансформаторных подстанций Schneider Electric Easergy T300 модуля SC150, связанная с некорректной авторизацией пользователей, позволяющая нарушителю просматривать и из... |
| BDU:2020-05760 | Уязвимость программного средства управления персоналом SAP ERP HCM, связанная с отсутствием авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2020-05790 | Уязвимость платформы бизнес-аналитики SAP Business Objects Business Intelligence Platform, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести XSS-атаки |
| BDU:2021-00082 | Уязвимость компонента "ALTER ... DEPENDS ON EXTENSION" системы управления базами данных PostgreSQL, позволяющая нарушителю оказать воздействие на целостность данных |
| BDU:2021-00360 | Уязвимость функции browser.tabs.executeScript () расширения WebExtensions браузера Mozilla Firefox, позволяющая нарушителю проводить межсайтовые сценарные атаки |
| BDU:2021-01247 | Уязвимость микропрограммного обеспечения маршрутизатора ZyXEL P-1302-T10 v3, связанная с недостатками защиты служебных данных, позволяющая нарушителю повысить свои привилегии |
| BDU:2021-01448 | Уязвимость функции recv_files в receiver.c утилиты для передачи и синхронизации файлов Rsync, позволяющая нарушителю оказать воздействие на целостность данных |
| BDU:2021-01776 | Уязвимость компонента scan.c VNC-сервера X11vnc, связанная с отсутствием механизма авторизации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании |
| BDU:2021-02168 | Уязвимость компонента Generic Market Data программного средства автоматизация банковской деятельности SAP Banking Services, позволяющая нарушителю оказать воздействие на целостность и раскрыть защищаемую информацию |
| BDU:2021-03168 | Уязвимость функции ContentModelChange программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2021-03300 | Уязвимость компонента shared/view_source.php программного обеспечения для управления медицинскими записями OpenClinic, позволяющая нарушителю выполнить произвольный код |
| BDU:2021-03443 | Уязвимость компонента RTAS ядра операционной системы Linux, связанная с отсутствием механизма авторизации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании |
| BDU:2021-04000 | Уязвимость сетевого сервиса Ehcache RMI программных продуктов для обработки данных Jira Data Center, Jira Core Data Center, Jira Software Data Center, позволяющая нарушителю выполнить произвольный код |
| BDU:2021-04237 | Уязвимость функций notifyProfileAdded и notifyProfileRemoved операционной системы Android, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2021-04582 | Уязвимость компонента proxy65 сервера для Jabber/XMPP Prosody, связанная с отсутствием механизма авторизации, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2021-04592 | Уязвимость библиотеки управления виртуализацией Libvirt, связанная с ошибками авторизации, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2021-04656 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с ошибками авторизации, позволяющая нарушителю оказать воздействие на целостность данных |
| BDU:2021-04813 | Уязвимость контроллера доставки приложений Citrix ADC (ранее Citrix NetScaler Application Delivery Controller), системы контроля доступа к виртуальной среде Citrix Gateway (ранее Citrix NetScaler Gateway) и программного средства управления сетью Citr... |
| BDU:2021-04975 | Уязвимость службы JMS Connector Service сервера веб-приложений SAP NetWeaver Java Application Server, позволяющая нарушителю обойти существующие ограничения безопасности или выполнить произвольный код |
| BDU:2021-06095 | Уязвимость компонента cgi-bin/upload_firmware.cgi микропрограммного обеспечения маршрутизатора D-Link DIR-823G, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2021-06110 | Уязвимость сервера автоматизации Jenkins, связанная с отсутствием процедуры авторизации, позволяющая нарушителю создать родительские каталоги в FilePathmkdirs |
| BDU:2021-06207 | Уязвимость интерфейса J-Web операционных систем Junos OS, позволяющая нарушителю обойти ограничения безопасности |
| BDU:2021-06221 | Уязвимость компонента FilePathlistFiles сервера автоматизации Jenkins, связанная с отсутствием процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации |
| BDU:2021-06222 | Уязвимость компонента FilePathreading(FileVisitor) сервера автоматизации Jenkins, позволяющая нарушителю иметь неограниченный доступ для чтения файлов с использованием определенных операций |
| BDU:2021-06271 | Уязвимость сервера автоматизации Jenkins, связанная с отсутствием процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации |
| BDU:2021-06323 | Уязвимость микропрограммного обеспечения Ethernet модулей WISE-4060 и Adam-6050 D, связанная с недостатками процедуры проверок ввода текущего пароля, позволяющая нарушителю получить полный доступ к устройству с привилегии администратора |
| BDU:2022-00040 | Уязвимость сервера автоматизации Jenkins, связанная с отсутствием процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации |
| BDU:2022-00173 | Уязвимость демона 1905 микропрограммного обеспечения микросхем MediaTek МТ7603Е, МТ7613, МТ7615, МТ7622, МТ7628, МТ7629, МТ7915, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2022-00682 | Уязвимость подсистемы виртуализации KVM ядра операционной системы Linux, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии |
| BDU:2022-00683 | Уязвимость ядра операционной системы Linux, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии |
| BDU:2022-00879 | Уязвимость универсальной системы мониторинга Zabbix , связанная с ошибками авторизации, позволяющая нарушителю выполнить произвольный код с root-привилегиями |
| BDU:2022-01056 | Уязвимость программного обеспечения Apache ShenYu, связанная с отсутствием авторизации для критичной функции, позволяющая нарушителю обойти введенные ограничения безопасности |
| BDU:2022-01057 | Уязвимость программного обеспечения Apache ShenYu, связанная с отсутствием авторизации для критичной функции, позволяющая нарушителю обойти введенные ограничения безопасности |
| BDU:2022-01781 | Уязвимость компонента net/http/httputil языка программирования Golang, позволяющая нарушителю оказать воздействие на целостность данных |
| BDU:2022-02440 | Уязвимость веб-сервера Atlassian Confluence Server, связанная с ошибками авторизации, позволяющая нарушителю читать произвольные файлы |
| BDU:2022-02482 | Уязвимость веб-интерфейса микропрограммного обеспечения маршрутизаторов Cisco Small Business RV340, RV340W, RV345, RV345P, позволяющая нарушителю повысить свои привилегии до уровня root |
| BDU:2022-03004 | Уязвимость системного вызова PTRACE_SEIZE безопасного режима вычислений seccomp ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии |
| BDU:2022-03018 | Уязвимость службы хостинга RubyGems.org, связанная с ошибками авторизации, позволяющая нарушителю получить доступ на создание, изменение или удаление данных |
| BDU:2022-04059 | Уязвимость веб-интерфейса управления программного обеспечения контроллера Cisco AppDynamics Controller, позволяющая нарушителю раскрыть защищаемую информацию и повысить свои привилегии |
| BDU:2022-04234 | Уязвимость приложения создания фотоальбомов Video Station, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2022-04332 | Уязвимость сервера TUG Home Base Server, связанная с недостатками процедуры авторизации, позволяющая нарушителю добавлять и удалять произвольных пользователей |
| BDU:2022-04333 | Уязвимость сервера TUG Home Base Server, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к хэшированным учетным данным |
| BDU:2022-04364 | Уязвимость микропрограммного обеспечения удаленных терминалов Siemens SICAM, связанная с недостатками процедуры авторизации, позволяющая нарушителю читать произвольные файлы |
| BDU:2022-04841 | Уязвимость плагина Jenkins Buckminster Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04842 | Уязвимость плагина Jenkins Lucene-Search Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04844 | Уязвимость плагина Jenkins Openstack Heat Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04845 | Уязвимость плагинаJenkins Openstack Heat Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю совершить подмену URL-адреса |
| BDU:2022-04846 | Уязвимость плагина Jenkins Google Cloud Backup Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю копировать произвольные файлы |
| BDU:2022-04847 | Уязвимость плагина Jenkins Files Found Trigger Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04849 | Уязвимость плагина Jenkins Coverity Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04853 | Уязвимость плагина Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04855 | Уязвимость плагина Jenkins Coverity Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04858 | Уязвимость плагина Jenkins OpenShift Deployer Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04860 | Уязвимость плагина Jenkins Repository Connector Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю раскрыть информацию об идентификаторах учетных данных |
| BDU:2022-04864 | Уязвимость плагина Jenkins Deployer Framework Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04866 | Уязвимость плагина Jenkins Compuware Xpediter Code Coverage Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04867 | Уязвимость плагина Jenkins Compuware ISPW Operations Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04868 | Уязвимость плагина Jenkins rhnpush-plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04869 | Уязвимость плагина Jenkins HashiCorp Vault Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04871 | Уязвимость плагина Jenkins Repository Connector Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю раскрыть защищаемую информацию о файловой системе |
| BDU:2022-04874 | Уязвимость плагина Jenkins rpmsign-plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04875 | Уязвимость плагина Jenkins Compuware Topaz Utilities Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-04939 | Уязвимость платформы SAP Enable Now Manager, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и нарушить её целостность |
| BDU:2022-05210 | Уязвимость функции Uninstall Protection программного средства защиты конечных точек Crowdstrike Falcon, позволяющая нарушителю удалить программное обеспечение CrowdStrike |
| BDU:2022-05213 | Уязвимость программного средства Illumina Local Run Manager, связанная с отсутствием процедуры авторизации, позволяющая нарушителю внедрять, воспроизводить, изменять и/или перехватывать конфиденциальные данные |
| BDU:2022-05498 | Уязвимость утилиты для передачи и синхронизации файлов Rsync, связанная с ошибками авторизации, позволяющая нарушителю записывать произвольные файлы |
| BDU:2022-05538 | Уязвимость программного обеспечения SAP Enterprise Extension Defense Forces Public Security, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2022-05608 | Уязвимость компонента Build Handler плагина Jenkins Git Plugin, связанная с ошибками авторизации, позволяющая нарушителю обойти введенные ограничения безопасности и повысить свои привилегии |
| BDU:2022-05669 | Уязвимость компонента Application Business Partner Extension программной платформы SAP S/4HANA, позволяющая нарушителю повысить свои привилегии |
| BDU:2022-06104 | Уязвимость гипервизора Xen, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-06174 | Уязвимость браузера Firefox for iOS, связанная с ошибками авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2022-06329 | Уязвимость плагина Jenkins OpenShift Deployer Plugin, связанная с ошибками авторизации, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии |
| BDU:2022-06702 | Уязвимость функции изменения пароля доступа к веб-интерфейсу промышленных коммутаторов Siemens SCALANCE и RUGGEDCOM, позволяющая нарушителю повысить свои привилегии |
| BDU:2022-07249 | Уязвимость компонента Controller File System Handler плагина Jenkins OpenShift Deployer Plugin, позволяющая нарушителю обойти введенные ограничения безопасности и пвысить свои привилегии |
| BDU:2023-00047 | Уязвимость плагина Jenkins extreme-feedback Plugin, связанная с отсутствием проверки разрешений в подключаемом модуле, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации |
| BDU:2023-00049 | Уязвимость плагина Jenkins Tuleap Git Branch Source Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-00641 | Уязвимость декларативного инструмента непрерывной доставки GitOps для Kubernetes Argo CD, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-01079 | Уязвимость функции shell_exec() программного обеспечения для организации видеонаблюдения ZoneMinder, позволяющая нарушителю выполнить произвольный код |
| BDU:2023-01289 | Уязвимость программных интеграционных платформ SAP NetWeaver AS ABAP и SAP NetWeaver ABAP, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю перезаписывать произвольные файлы |
| BDU:2023-01385 | Уязвимость системы мониторинга критически важного оборудования StruxureWare Data Center Expert, связанная с недостатками процедуры авторизации, позволяющая нарушителю выполнять несанкционированные функции, изменять или удалять произвольный контент |
| BDU:2023-01480 | Уязвимость обработчика клиентских запросов системы безопасного управления доступом к IED Siemens RUGGEDCOM CROSSBOW, позволяющая нарушителю выполнить произвольные действия |
| BDU:2023-01481 | Уязвимость обработчика клиентских запросов системы безопасного управления доступом к IED Siemens RUGGEDCOM CROSSBOW, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-01482 | Уязвимость обработчика клиентских запросов системы безопасного управления доступом к IED RUGGEDCOM CROSSBOW, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-01773 | Уязвимость службы Kubernetes облачной платформы Red Hat OpenShift Data Science (RHODS), позволяющая нарушителю отправлять произвольные API-запросы |
| BDU:2023-02023 | Уязвимость загрузчика GRand Unified Bootloader (GRUB) операционной системы Cisco IOS XR маршрутизаторов Network Convergence System 540 Series и Cisco 9000 Series, позволяющая нарушителю выполнить произвольный код |
| BDU:2023-03013 | Уязвимость плагина Jenkins Cisco Spark Notifier Plugin, связанная с недостатками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-03078 | Уязвимость файла конфигурации authorize.conf платформы для операционного анализа Splunk Enterprise, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-03521 | Уязвимость оболочки EMUI операционной системы HarmonyOS, связанная с недостатками процедуры авторизации, позволяющая нарушителю запустить процедуру отображения рекламы или других случайных окон в произвольное время |
| BDU:2023-04017 | Уязвимость локального хранилища (localstorage) браузера Mozilla Firefox, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-04078 | Уязвимость функции createUser системы управления, диагностики и оптимизации работы сетевых устройств ProSafe Network Management NMS300, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-04089 | Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с недостатками процедуры аутентификации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2023-04308 | Уязвимость службы bluetooth микропрограммного обеспечения чипсетов Unisoc, связанная с отсутствием проверки разрешений, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-04311 | Уязвимость службы bluetooth микропрограммного обеспечения чипсетов Unisoc, связанная с отсутствием проверки разрешений, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-04329 | Уязвимость веб-интерфейса микропрограммного обеспечения устройств централизованного управления сетью VMware SD-WAN Edge, позволяющая нарушителю обойти ограничения безопасности и получить доступ на чтение, изменение или удаление данных |
| BDU:2023-04559 | Уязвимость программных интеграционных платформ SAP NetWeaver AS ABAP и SAP NetWeaver ABAP, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации |
| BDU:2023-04595 | Уязвимость плагина EventON Lite системы управления содержимым сайта WordPress, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-04702 | Уязвимость плагина Sitemap by click5 системы управления содержимым сайта WordPress, позволяющая нарушителю создать учетную запись с правами администратора и осуществить CSRF-атаку |
| BDU:2023-04921 | Уязвимость микропрограммного обеспечения веб-панелей для управления и мониторинга процессов в промышленных системах PHOENIX CONTACT WP 6xxx, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к... |
| BDU:2023-04931 | Уязвимость микропрограммного обеспечения веб-панелей для управления и мониторинга процессов в промышленных системах PHOENIX CONTACT WP 6xxx, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на целостность и д... |
| BDU:2023-05010 | Уязвимость службы SAP BW BI Consumer Service (BICS) системы управления данными и аналитики SAP Business Warehouse и SAP BW/4HANA, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-05273 | Уязвимость платформы создания совместных веб-приложений XWiki Platform XWiki, связанная с ошибками авторизации, позволяющая нарушителю выполнить произвольный веб-скрипт с повышенными привилегиями |
| BDU:2023-05986 | Уязвимость программного обеспечения для управления медицинской организацией OpenEMR, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-06076 | Уязвимость платформы для разработки и доставки контейнерных приложений Docker Desktop, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить полные права администратора |
| BDU:2023-06214 | Уязвимость ядра оболочки EMUI операционной системы HarmonyOS, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность данных |
| BDU:2023-06416 | Уязвимость функции restore_settings плагина Comments Like Dislike системы управления содержимым сайта WordPress, позволяющая нарушителю оказать воздействие на целостность данных |
| BDU:2023-06457 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-06476 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-06477 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-06479 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-06480 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-06481 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-06482 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-06483 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-06485 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-06486 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-06487 | Уязвимость программного обеспечения резервного копирования и восстановления данных на компьютерах и серверах Acronis Agent, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-06492 | Уязвимость программного средства резервного копирования и восстановления данных Acronis Cyber Protect Home Office, связанная с ошибками авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-06709 | Уязвимость плагина Jenkins Fortify Plugin, связанная с ошибками авторизации, позволяющая нарушителю получить доступ к сессии другого пользователя |
| BDU:2023-06945 | Уязвимость компонента Withholding Tax Items программной платформы SAP S/4HANA, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-07139 | Уязвимость программного обеспечения WebTutor, связанная с отсутствием авторизации, позволяющая нарушителю выполнить произвольный код |
| BDU:2023-07391 | Уязвимость библиотеки SAP CommonCryptoLib, связанная с недостатками процедуры авторизации, позволяющая нарушителю читать, изменять или удалять данные с ограниченным доступом |
| BDU:2023-07398 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition, связнная с недостатками процедуры авторизации, позволяющая нарушителю запускать задания конвейера от имени произвольного пользователя |
| BDU:2023-07528 | Уязвимость функций pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta и pmdm_wp_ajax_delete_meta плагина для системы управления содержимым сайта WordPress Post Meta Data Manager, позволяющая нарушителю удалить произвольные метаданные пользователей |
| BDU:2023-07529 | Уязвимость функций pmdm_wp_change_user_meta и pmdm_wp_change_post_meta плагина Post Meta Data Manager для системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-08031 | Уязвимость реализации прикладного программного интерфейса системы аудита безопасности эксплуатации и обслуживания JumpServer, позволяющая нарушителю обойти процесс аутентификации |
| BDU:2023-08356 | Уязвимость функции admin_init() плагина Swift Performance Lite системы управления содержимым сайта WordPress, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-08538 | Уязвимость платформы анализа данных Hazelcast, связанная с недостатками процедуры авторизации, позволяющая нарушителю выполнять произвольные действия |
| BDU:2023-08588 | Уязвимость пакета Skupper программного средства Red Hat Service Interconnect, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-08669 | Уязвимость технологии WebSocket Java-фреймворка Quarkus, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и повысить свои привилегии |
| BDU:2023-08975 | Уязвимость плагина User Post Gallery системы управления содержимым сайта WordPress, позволяющая нарушителю выполнить произвольный код |
| BDU:2024-00143 | Уязвимость модуля SocketService программного обеспечения для управления источниками бесперебойного питания Voltronic Power ViewPower Pro, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2024-00423 | Уязвимость функции public_website() плагина Hostinger системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-00504 | Уязвимость операционной системы NEXO-OS инструментов для монтажных работ на производственных линиях Bosch Nexo cordless nutrunner и Bosch Nexo special cordless nutrunner, позволяющая нарушителю загружать произвольные файлы |
| BDU:2024-00506 | Уязвимость операционной системы NEXO-OS инструментов для монтажных работ на производственных линиях Bosch Nexo cordless nutrunner и Bosch Nexo special cordless nutrunner, позволяющая нарушителю читать произвольные файлы |
| BDU:2024-00631 | Уязвимость плагина POST SMTP Mailer системы управления содержимым сайта WordPress, позволяющая нарушителю сбросить ключ API и получить несанкционированный доступ к защищаемой информации |
| BDU:2024-00745 | Уязвимость функции save_management_settings() плагина InstaWP Connect системы управления содержимым сайта WordPress, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных |
| BDU:2024-00753 | Уязвимость программного обеспечения создания, мониторинга и оркестрации сценариев обработки данных Airflow, связанная с отсутствием авторизации, позволяющая нарушителю получить доступ к исходному коду DAG |
| BDU:2024-01136 | Уязвимость плагина ActivityPub системы управления содержимым сайта WordPress, повзволяющая нарушителю выполнять несанкционированные функции, изменять или удалять произвольный контент |
| BDU:2024-01180 | Уязвимость интерфейса приложения Poly Lens телефонов и акустических систем для конференц-связи Poly Trio, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-01268 | Уязвимость платформы создания совместных веб-приложений XWiki Platform XWiki , связанная с ошибками авторизации, позволяющая нарушителю редактировать произвольный документ |
| BDU:2024-01993 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к проекту |
| BDU:2024-02115 | Уязвимость плагина Podlove Web Player системы управления содержимым сайта WordPress, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на целостность и конфиденциальность защищаемой информации |
| BDU:2024-02556 | Уязвимость фреймворка для масштабирования приложений AI и Python Ray, связанная с недостатками процедуры авторизации, позволяющая нарушителю читать произвольные файлы в каталоге /static/ |
| BDU:2024-02669 | Уязвимость реализации прикладного программного интерфейса Client фреймворка для масштабирования приложений AI и Python Ray, позволяющая нарушителю выполнить произвольные команды |
| BDU:2024-02952 | Уязвимость облачного программного обеспечения защиты данных Acronis Cyber Protect Cloud, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2024-03017 | Уязвимость компонента Enter Package Data программного обеспечения для сбора финансовых данных для бизнеса SAP Group Reporting Data Collection, позволяющая нарушителю повысить свои привилегии и оказать воздействие на целостность данных |
| BDU:2024-03356 | Уязвимость функции tutor_delete_announcement() плагина Tutor LMS системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-03358 | Уязвимость функции hide_notices() плагина Tutor LMS системы управления содержимым сайта WordPress, позволяющая нарушителю получить доступ на чтение и изменение данных |
| BDU:2024-03374 | Уязвимость функции wpa_check_authentication() плагина Analytify системы управления содержимым сайта WordPress, позволяющая нарушителю изменить идентификатор отслеживания Google Analytics сайта |
| BDU:2024-03375 | Уязвимость функции update_form() плагина Admin Bar Editor системы управления содержимым сайта WordPress, позволяющая нарушителю включать или отключать панель администратора на внешнем интерфейсе сайта |
| BDU:2024-03569 | Уязвимость системных представлений pg_stats_ext, pg_stats_ext_exprs СУБД PostgreSQL, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-04265 | Уязвимость компонента My Overtime Request платформы проектирования бизнес-приложений SAP Fiori, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации |
| BDU:2024-04306 | Уязвимость платформы управления данными SAP Master Data Governance, связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии и раскрыть защищаемую информацию |
| BDU:2024-04307 | Уязвимость средства для управления банковскими счетами SAP Bank Account Management (BAM), связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-04427 | Уязвимость функции postx_presets_callback() плагина PostX системы управления содержимым сайта WordPres, позволяющая нарушителю повысить свои привилегии и получить доступ на чтение, изменение или удаление данных |
| BDU:2024-04596 | Уязвимость системы безопасного управления доступом к IED Siemens RUGGEDCOM CROSSBOW, позволяющая нарушителю выполнить произвольный код |
| BDU:2024-04644 | Уязвимость реализации модуля единого входа в приложения (SAML) для служб удаленного доступа VPN микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Cisco Firepower Threat Defense (FTD), позволяющая нарушителю ус... |
| BDU:2024-04740 | Уязвимость компонента System webapi приложения для организации видеонаблюдения Surveillance Station, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-05079 | Уязвимость компонента Manage Incoming Payment Files программной платформы SAP S/4HANA, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2024-05090 | Уязвимость реализации процесса преобразования и передачи данных Transformation and Data Transfer Process (DTP) системы управления данными и аналитики SAP BW/4HANA, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-05100 | Уязвимость системы управления жизненным циклом студентов в высших учебных заведениях SAP Student Life Cycle Management (SLcM), связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-05213 | Уязвимость программного интерфейса Text Services Framework операционных систем Windows, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-05255 | Уязвимость механизма аутентификации Single sign-on (SSO) веб-интерфейса GitLab Duo Chat программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2024-05346 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-05350 | Уязвимость компонента Auto-attach Option Handler программного средства управления проектами и задачами JetBrains YouTrack, позволяющая нарушителю включить опцию автоматического присоединения к рабочим процессам |
| BDU:2024-06241 | Уязвимость функционала единого входа (SSO) платформы бизнес-аналитики SAP BusinessObjects Business Intelligence, позволяющая нарушителю получить полный доступ к устройству |
| BDU:2024-06311 | Уязвимость компонента org.xwiki.platform:xwiki-platform-oldcore платформы создания совместных веб-приложений XWiki Platform XWiki, позволяющая нарушителю выполнить произвольный код |
| BDU:2024-06700 | Уязвимость браузера Firefox, Firefox ESR, связанная с отсутствием диалогового окна подтверждения при открытии связанных с Usenet схем "news:" и "snews:", позволяющая нарушителю загрузить произвольное приложение и выполнить произвольный код |
| BDU:2024-07027 | Уязвимость командной оболочки Bash операционной системы Cisco NX-OS коммутаторов Cisco Nexus 3000 и Nexus 9000, позволяющая нарушителю выполнить произвольные команды |
| BDU:2024-07036 | Уязвимость плагинов InPost для WooCommerce и плагин InPost PL для WordPress, позволяющая нарушителю выполнить произвольный код |
| BDU:2024-07043 | Уязвимость программного средства управления сетевыми сервисами SAP Shared Service Framework, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2024-07623 | Уязвимость компонента Blink веб-браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным |
| BDU:2024-08045 | Уязвимость программных интеграционных платформ SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, сервера содержимого SAP Content Server и веб-диспетчера SAP Web Dispatcher, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказат... |
| BDU:2024-08046 | Уязвимость системы управления жизненным циклом студентов в высших учебных заведениях SAP Student Life Cycle Management (SLcM)t, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-08048 | Уязвимость программного средства управления сетевыми сервисами SAP Shared Service Framework, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-08159 | Уязвимость компонента Web Server программного средства для создания отчетов Oracle BI Publisher, позволяющая нарушителю получить полный контроль над приложением |
| BDU:2024-08256 | Уязвимость компонента Item Catalog программного средства управления данными Oracle Product Hub системы автоматизации деятельности предприятия Oracle E-Business Suite, позволяющая нарушителю получить доступ на изменение, добавление и удаление данных |
| BDU:2024-08297 | Уязвимость компонента Quality Manager Specification приложения управления процессами разработки Oracle Process Manufacturing (OPM) Product Development системы автоматизации деятельности предприятия Oracle E-Business Suite, позволяющая нарушителю полу... |
| BDU:2024-08492 | Уязвимость компонента SplunkDeploymentServerConfig платформы для операционного анализа Splunk Enterprise, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2024-08542 | Уязвимость интерфейса программного средства управления проектами и задачами JetBrains YouTrack, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-08549 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-08571 | Уязвимость компонента OSB Core Functionality интеграционной платформы для управления, маршрутизации и обработки сообщений между приложениями и сервисами Oracle Service Bus (OSB), позволяющая нарушителю получить несанкционированный доступ к защищаемой... |
| BDU:2024-08829 | Уязвимость платформы управления данными Microsoft Dataverse, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2024-08899 | Уязвимость конфигурационных настроек директории /api/configs пользовательского интерфейса Nginx UI сервера nginx, позволяющая нарушителю читать произвольные файлы |
| BDU:2024-08941 | Уязвимость реализации протокола Real-Time Streaming Protocol (RTSP) микропрограммного обеспечения сетевой IP-камеры D3D Security IP Camera D8801, позволяющая нарушителю получить доступ к видеопотоку |
| BDU:2024-09069 | Уязвимость программных интеграционных платформ SAP NetWeaver Application Server ABAP и ABAP Platform, связнная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2024-09079 | Уязвимость программного обеспечения управления аккаунтами JetBrains Hub, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2024-09283 | Уязвимость микропрограммного обеспечения маршрутизаторов D-Link DIR-823G, связанная с недостаточной защитой служебных данных, позволяющая получить несанкционированный доступ к защищаемой информации |
| BDU:2024-09318 | Уязвимость программного обеспечения для связи с контролируемыми устройствами Schneider Electric EcoStruxure IT Gateway, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить полный доступ к уязвимому программному обеспечению |
| BDU:2024-09425 | Уязвимость виртуальной обучающей среды Moodle, связанная с отсутствием авторизации, позволяющая нарушителю удалить данные |
| BDU:2024-09430 | Уязвимость корпоративной версии платформы GitHub Enterprise Server, связанная с недостатками процедуры авторизации, позволяющая нарушителю получать доступ к конфиденциальным данным |
| BDU:2024-10174 | Уязвимость компонента CMDaemon программного средства для управления рабочей нагрузкой и мониторинга инфраструктуры NVIDIA Base Command Manager, позволяющая нарушителю выполнить произвольный код |
| BDU:2024-10212 | Уязвимость реализации прикладного программного интерфейса платформы управления сетевыми ресурсами Cisco Nexus Dashboard Fabric Controller (NDFC), связанная с отсутствием авторизации, позволяющая нарушителю оказать влияние нацелостность защищаемой инф... |
| BDU:2024-10214 | Уязвимость реализации прикладного программного интерфейса платформы аналитики и автоматизации работы с многооблачными сетями дата-центров Cisco Nexus Dashboard, связанная с отсутствием авторизации, позволяющая нарушителю оказать влияние на целостност... |
| BDU:2024-10215 | Уязвимость реализации прикладного программного интерфейса платформы управления сетевыми ресурсами Cisco Nexus Dashboard Fabric Controller (NDFC), связанная с отсутствием авторизации, позволяющая нарушителю оказать влияние на целостность и доступность... |
| BDU:2024-10261 | Уязвимость виртуальной обучающей среды Moodle, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к элементам системы |
| BDU:2024-10271 | Уязвимость компонента Socket Intercept Command File Interface операционной системы Juniper Networks Junos OS Evolved, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-10422 | Уязвимость гибридного облачного решения для управления тонкими клиентами Dell Wyse Management Suite, связанная с отсутствием процедуры авторизации, позволяющая нарушителю вызвать отказ в обслуживании и удалить произвольные файлы |
| BDU:2024-10538 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE , связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-10542 | Уязвимость программной интеграционной платформы SAP NetWeaver AS Java, связанная с отсутствием процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации |
| BDU:2024-10549 | Уязвимость модулей для защиты от спама Spam protection, AntiSpam, FireWall плагина CleanTalk для системы управления содержимым сайта WordPress, связанная с недостатками процедуры авторизации, позволяющая нарушителю выполнить произвольный код |
| BDU:2024-10856 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2024-10867 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2024-10998 | Уязвимость HTTP-метода GET программного средства управления системами в режиме One-to-one Dell OpenManage Server Administrator (OMSA), позволяющая нарушителю повысить свои привилегии |
| BDU:2024-11009 | Уязвимость программного обеспечения управления ресурсами человеческого капитала в организации SAP Human Capital Management (HCM), связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-11217 | Уязвимость службы управления Veeam Backup Enterprise Manager средства защиты облачных, виртуальных и физических систем Veeam Backup Replication, позволяющая нарушителю повысить свои привилегии и вызвать отказ в обслуживании |
| BDU:2024-11244 | Уязвимость гиперконвергентной инфраструктуры программно-аппаратной платформы Microsoft Azure Stack (HCI), связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-11260 | Уязвимость функции wpforms_is_admin_page() плагина WPForms системы управления содержимым сайта WordPress, позволяющая нарушителю получить несанкционированный доступ на чтение и изменение данных |
| BDU:2024-11276 | Уязвимость средства резервного копирования данных Veeam Agent for Linux, связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии до уровня root |
| BDU:2024-11299 | Уязвимость программного обеспечения для управления системой контроля доступа Geovision GV-ASManager, связанная с отсутствием процедуры авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2024-11300 | Уязвимость плагина StylemixThemes eRoom - Zoom Meetings Webinar системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-11316 | Уязвимость функции permission_callback плагина Hunk Companion системы управления содержимым сайта WordPress, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) |
| BDU:2024-11402 | Уязвимость программного обеспечения разработки и выполнения приложений на языке ABAP SAP NetWeaver Application Server ABAP, связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-11496 | Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием процедуры авторизации, позволяющая нарушителю удалить произвольное сообщение |
| BDU:2024-11624 | Уязвимость системы непрерывной интеграции и доставки приложений (CI/CD) JetBrains TeamCity, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2024-11637 | Уязвимость компонента Advanced Payment Management программного средства управления финансами SAP S/4HANA Finance, позволяющая нарушителю повысить свои привилегии |
| BDU:2024-11638 | Уязвимость программы для создания и управления обучающими материалами SAP Enable Now, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации |
| BDU:2025-00253 | Уязвимость модуля Open Social CMS-системы Drupal, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти ограничения безопасности и реализовать атаку принудительного просмотра (Forceful Browsing) |
| BDU:2025-00259 | Уязвимость модуля Download All Files CMS-системы Drupal, связанная с отсутствием авторизации, позволяющая нарушителю обойти ограничения безопасности и реализовать атаку принудительного просмотра (Forceful Browsing) |
| BDU:2025-00465 | Уязвимость программного обеспечения разработки и выполнения приложений на языке ABAP SAP NetWeaver Application Server ABAP, связанная с отсутствием авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-00701 | Уязвимость микропрограммного обеспечения маршрутизаторов Four-Faith F3x24, связанная с отсутствием авторизации, позволяющая нарушителю выполнить произвольный код |
| BDU:2025-00865 | Уязвимость модуля Entity Delete Log CMS-системы Drupal, связанная с неправильной авторизацией, позволяющая нарушителю обойти ограничения безопасности и реализовать атаку принудительного просмотра (Forceful Browsing) |
| BDU:2025-01033 | Уязвимость сервера веб-приложений SAP NetWeaver Java Application Server, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-01101 | Уязвимость файла /admin/tag/save системы управления контентом Jfinal CMS, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2025-01196 | Уязвимость системы непрерывной интеграции и доставки приложений (CI/CD) JetBrains TeamCity, позволяющая нарушителю получить доступ к конфиденциальной информации |
| BDU:2025-01262 | Уязвимость компонента WebKit браузера Safari операционных систем macOS, iOS, iPadOS, tvOS, visionOS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-01285 | Уязвимость компонента Design Tools SEC системы управления ресурсами предприятия JD Edwards EnterpriseOne Tools, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных |
| BDU:2025-01306 | Уязвимость средства для создания и управления документами SAP Document Builder, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-01370 | Уязвимость компонента Password Autofill операционных систем visionOS, iOS, iPadOS, MacOS и watchOS, позволяющая нарушителю читать и записывать произвольные файлы |
| BDU:2025-01382 | Уязвимость операционных систем macOS, связанная с отсутствием авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-01644 | Уязвимость компонента OSB Core Functionality интеграционной платформы для управления, маршрутизации и обработки сообщений между приложениями и сервисами Oracle Service Bus (OSB), позволяющая нарушителю получить несанкционированный доступ к защищаемой... |
| BDU:2025-02154 | Уязвимость сервера бизнес-аналитики Hitachi Vantara Pentaho Business Analytics Server, связанная с отсутствием авторизации, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании |
| BDU:2025-02195 | Уязвимость компонента виртуального устройства Delegated License Service (DLS) системы лицензирования NVIDIA, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и вызвать отказ в обслуживании |
| BDU:2025-03141 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с отсутствием процедуры авторизации, позволяющая нарушителю изменять статус задач в общедоступных проектах |
| BDU:2025-03174 | Уязвимость компонента Service Layer системы управления ресурсами предприятия SAP Business One, позволяющая нарушителю повысить свои привилегии и получить доступ на чтение, изменение и/или добавление данных |
| BDU:2025-03176 | Уязвимость компонента Process Chains системы управления данными и аналитики SAP Business Warehouse, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2025-03228 | Уязвимость плагина Tutor LMS системы управления содержимым сайта WordPress, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-03626 | Уязвимость приложения для мониторинга и управления подтверждения поставок SAP Just In Time, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2025-03629 | Уязвимость компонента eDocument Cockpit программного обеспечения для обработки электронных счетов-фактур SAP Electronic Invoicing for Brazil, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-03792 | Уязвимость сервера автоматизации Jenkins, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации |
| BDU:2025-03793 | Уязвимость сервера автоматизации Jenkins, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к защищаемой информации |
| BDU:2025-03802 | Уязвимость сервера системы управления базами данных MongoDB, связанная с отсутствием процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации |
| BDU:2025-03903 | Уязвимость пакета программ сетевого взаимодействия Samba, связанная с ошибками авторизации, позволяющая нарушителю получить доступ к конфиденциальным данным |
| BDU:2025-04025 | Уязвимость компонента PDFClass Handler платформы создания совместных веб-приложений XWiki Platform XWiki, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-04298 | Уязвимость программной интеграционной платформы SAP NetWeaver, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации |
| BDU:2025-04574 | Уязвимость компонента Name Handler инструмента настройки сервисов Consul и Consul Enterprise, позволяющая нарушителю получить доступ к потенциально конфиденциальной информации |
| BDU:2025-04744 | Уязвимость инструмента управления базами данных pgAdmin 4, связанная с отсутствием авторизации, позволяющая нарушителю обойти проверку авторизации и выполнить произвольный код |
| BDU:2025-04837 | Уязвимость платформы управления программными средами SAP Solution Manage, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-04838 | Уязвимость платформы электронной коммерции SAP Commerce Cloud, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-04839 | Уязвимость программной интеграционной платформы SAP NetWeaver Application Server ABAP, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-04841 | Уязвимость компонента RFC Enabled Function Module программных интеграционных платформ SAP NetWeaver и ABAP Platform, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-04845 | Уязвимость бизнес-приложения для управления знаниями SAP KMC WPC, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-05162 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-05353 | Уязвимость компонента org.xwiki.platform:xwiki-platform-repository-rest-server платформы создания совместных веб-приложений XWiki Platform, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-05355 | Уязвимость компонента org.xwiki.platform:xwiki-platform-security-authentication-ui платформы создания совместных веб-приложений XWiki Platform, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-05356 | Уязвимость компонента org.xwiki.platform:xwiki-platform-component-wiki платформы создания совместных веб-приложений XWiki Platform, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-05538 | Уязвимость операционных систем MacOS, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-05791 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2025-05980 | Уязвимость функции ayssavegoogle_credentials() плагина Quiz Maker системы управления содержимым сайта WordPress, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и проводить межсайтовые сценарные атаки |
| BDU:2025-06112 | Уязвимость компонента Grade Report Handler виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-06166 | Уязвимость оркестратора приложений Nomad, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-06167 | Уязвимость оркестратора приложений Nomad, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-06173 | Уязвимость оркестратора приложений Nomad, связанная с некорректной обработкой заголовка сетевого пакета, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-06372 | Уязвимость плагина Zoho Flow системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-06654 | Уязвимость программной интеграционной платформы SAP NetWeaver Application Server ABAP, связанная с отсутствием механизма проверки подлинности при обработке входящих RFC-запросов, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-06756 | Уязвимость компонента Enterprise Event Enablement программной платформы SAP S/4HANA, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код |
| BDU:2025-06758 | Уязвимость плагина SAP Plug-In Basis системы управления данными и аналитики SAP Business Warehouse, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-06759 | Уязвимость плагина AC системы управления рисками, соблюдения нормативных требований и корпоративного управления SAP GRC (Governance, Risk, and Compliance), позволяющая нарушителю получить несанкционированный доступ на чтение и изменение данных |
| BDU:2025-06828 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition (EE), связанная с недостатками процедуры авторизации, позволяющая нарушителю получить доступ на чтение и изменение данных |
| BDU:2025-07573 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-07635 | Уязвимость системы непрерывной интеграции и доставки приложений (CI/CD) JetBrains TeamCity, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-07920 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти ограничения безопасности и получить доступ на чтение и изменение данных |
| BDU:2025-07921 | Уязвимость интерфейса GraphQL API программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю обойти ограничения безопасности и повысить свои привилегии |
| BDU:2025-08109 | Уязвимость компонента CRM User Management Framework пакета приложений Oracle Common Applications системы автоматизации деятельности предприятия Oracle E-Business Suite, позволяющая нарушителю получить несанкционированный доступ к защищаемой информаци... |
| BDU:2025-08330 | Уязвимость службы StateRepository операционной системы Windows, позволяющая нарушителю получить доступ на чтение и изменение данных |
| BDU:2025-08747 | Уязвимость веб-интерфейса программного обеспечения для управления политиками безопасности Juniper Networks Security Director, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-08750 | Уязвимость компонента Virtual Routing and Forwarding (VRF) операционных систем Juniper Networks Junos OS Evolved, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-08799 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с отсутствием процедуры авторизации, позволяющая нарушителю проводить спуфинг-атаки |
| BDU:2025-09118 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-09371 | Уязвимость функции get_details() плагина POST SMTP системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии и раскрыть защищаемую информацию |
| BDU:2025-09686 | Уязвимость корпоративной версии платформы GitHub Enterprise Server, связанная с отсутствием процедуры авторизации, позволяющая нарушителю видеть имена частных репозиториев |
| BDU:2025-09757 | Уязвимость плагина Confluence приложения для обмена мгновенными сообщениями Mattermost, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-09758 | Уязвимость плагина Confluence приложения для обмена мгновенными сообщениями Mattermost, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и повысить свои привилегии |
| BDU:2025-09759 | Уязвимость плагина Confluence приложения для обмена мгновенными сообщениями Mattermost, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-09760 | Уязвимость плагина Confluence приложения для обмена мгновенными сообщениями Mattermost, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-09766 | Уязвимость плагина Confluence приложения для обмена мгновенными сообщениями Mattermost, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-10074 | Уязвимость службы Remote Desktop Services (RDS) операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ на изменение защищаемой информации |
| BDU:2025-10224 | Уязвимость платформы виртуализации VMware Cloud Foundation, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-10330 | Уязвимость операционных систем Cisco IOS коммутаторов Cisco Industrial Ethernet 2000, 4000, 4010 и 5000, связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-10423 | Уязвимость компонента Manage Processing Rules (For Bank Statement) программной платформы SAP S/4HANA, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2025-10425 | Уязвимость компонента Bank Account Application программной платформы SAP S/4HANA, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2025-10428 | Уязвимость компонента Manage Central Purchase Contract программной платформы SAP S/4HANA, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации |
| BDU:2025-10435 | Уязвимость компонента EPC2 микропрограммного обеспечения промышленного цифрового газоанализатора MEAC300-FNADE4, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации |
| BDU:2025-10461 | Уязвимость компонента NFS Export операционной системы PowerScale OneFS, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-10640 | Уязвимость программных интеграционных платформ SAP NetWeaver и ABAP Platform, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-10642 | Уязвимость программного обеспечения разработки и выполнения приложений на языке ABAP SAP NetWeaver Application Server ABAP, связанная с отсутствием процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-10651 | Уязвимость системы управления данными и аналитики SAP Business Warehouse, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2025-10652 | Уязвимость программного обеспечения разработки и выполнения приложений на языке ABAP SAP NetWeaver Application Server ABAP, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-10654 | Уязвимость программной интеграционной платформы SAP NetWeaver, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-10935 | Уязвимость микропрограммного обеспечения сетевого видеорегистратора Digiever DS-2105 Pro, связанная с отсутствием авторизации, позволяющая нарушителю выполнить произвольные команды |
| BDU:2025-11006 | Уязвимость программного обеспечения администрирования сети Cisco Secure Firewall Management Center (ранее Cisco Firepower Management Center), связанная с недостатками процедуры авторизации, позволяющая нарушителю раскрыть конфиденциальную информацию |
| BDU:2025-11007 | Уязвимость программного обеспечения администрирования сети Cisco Secure Firewall Management Center (ранее Cisco Firepower Management Center), связанная с недостатками процедуры авторизации, позволяющая нарушителю получить доступ на чтение данных |
| BDU:2025-11290 | Уязвимость изолированной программной среды Sandbox операционных систем iOS, iPadOS, tvOS, watchOS, macOS, позволяющая нарушителю обойти защитный механизм песочницы |
| BDU:2025-11515 | Уязвимость компонента SharedFileList операционных систем MacOS, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии |
| BDU:2025-11518 | Уязвимость компонента Shortcuts операционных систем MacOS, iPadOS и iOS, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии |
| BDU:2025-11603 | Уязвимость операционной системы Android, связанная с отсутствием авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-11606 | Уязвимость функции isSystem файла WifiPermissionsUtil.java операционной системы Android, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2025-11645 | Уязвимость компонента Framework операционных систем Android, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код |
| BDU:2025-11688 | Уязвимость компонента Framework операционных систем Android, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-11751 | Уязвимость веб-сервера VPN микропрограммного обеспечения межсетевых экранов Cisco Adaptive Security Appliance (ASA) и Cisco Firepower Threat Defense (FTD), позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой инфо... |
| BDU:2025-12463 | Уязвимость платформы для работы с кодом GitFlic, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-12464 | Уязвимость платформы для работы с кодом GitFlic, связанная с отсутствием авторизации, позволяющая нарушителю выполнять произвольные http-запросы от имени сервера |
| BDU:2025-12672 | Уязвимость сервисов управления интегрированными средами разработки IDE Services, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить привилегии |
| BDU:2025-12842 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-12945 | Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с ошибками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-12946 | Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, связанная с ошибками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ на удаление защищаемой информации |
| BDU:2025-12947 | Уязвимость функции внешних ссылок системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-12950 | Уязвимость программного интерфейса платформы создания совместных веб-приложений XWiki Platform XWiki, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2025-12955 | Уязвимость функционального модуля RFC-интерфейса программных интеграционных платформ SAP NetWeaver Application Server ABAP и ABAP Platform, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-12956 | Уязвимость системы управления данными и аналитики SAP Business Warehouse, связанная с недостатками процедуры авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-12957 | Уязвимость системы управления данными и аналитики SAP Business Warehouse, связанная с недостатками процедуры авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-12959 | Уязвимость программных интеграционных платформ SAP NetWeaver Application Server ABAP и ABAP Platform, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-12961 | Уязвимость программного решения для оптимизации операций в промышленности SAP for Oil Gas, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить доступ на удаление пользовательских данных |
| BDU:2025-13316 | Уязвимость компонента Detail View программного обеспечения для аналитики и анализа данных Hitachi Ops Center Analyzer, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2025-13332 | Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2025-13336 | Уязвимость реализации протокола OAuth приложения для обмена мгновенными сообщениями Mattermost, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2025-13340 | Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием авторизации, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2025-13455 | Уязвимость облачного корпоративного решения для планирования и управления программными и ИТ-проектами Jira Align (ранее AgileCraft), связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаем... |
| BDU:2025-13579 | Уязвимость прикладного программного интерфейса программной платформы на базе git для совместной работы над кодом GitLab EE, связанная с ошибками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к агентам из другого пр... |
| BDU:2025-13804 | Уязвимость компонента UEFI микропрограммного обеспечения встраиваемых платформ для искусственного интеллекта NVIDIA Jetson Orin Series и NVIDIA Jetson Xavier Series, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2025-14034 | Уязвимость компонента Compiler виртуальной машины Oracle GraalVM for JDK, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-14083 | Уязвимость функции CREATE STATISTICS системы управления базами данных PostgreSQL, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2025-14153 | Уязвимость платформ для составления отчётов Nuance PowerScribe One и Nuance PowerScribe 360, связанная с отсутствием авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-14460 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-14472 | Уязвимость инструмента для мониторинга ИТ-инфраструктуры Nagios XI, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-14492 | Уязвимость веб-терминала SSH инструмента для мониторинга ИТ-инфраструктуры Nagios XI, позволяющая нарушителю выполнить произвольный код и раскрыть защищаемую информацию |
| BDU:2025-14683 | Уязвимость модуля XWiki Remote Macros платформы создания совместных веб-приложений XWiki Platform XWiki, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-14704 | Уязвимость конфигурации Allow Insecure Logins инструмента для мониторинга ИТ-инфраструктуры Nagios XI, позволяющая нарушителю повысить свои привилегии и получить полный контроль над приложением |
| BDU:2025-14726 | Уязвимость операционной системы OxygenOS устройств OnePlus 8T и 10 Pro 5G, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальной информации |
| BDU:2025-14895 | Уязвимость программного обеспечения управления аккаунтами JetBrains Hub, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-14915 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с недостатками процедуры авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-14916 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить доступ на чтение и изменение данных |
| BDU:2025-14928 | Уязвимость прикладного программного интерфейса программной платформы на базе git для совместной работы над кодом GitLab, связанная с отсутствием процедуры авторизации, позволяющая нарушителю выполнить произвольный код |
| BDU:2025-15404 | Уязвимость функции __construct плагина POST SMTP системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии и раскрыть защищаемую информацию |
| BDU:2025-15429 | Уязвимость пакета офисных программ Apache OpenOffice, связанная с отсутствием авторизации, позволяющая нарушителю обойти существующие ограничения безопаности путем загрузки специально созданных файлов |
| BDU:2025-15431 | Уязвимость пакета офисных программ Apache OpenOffice, связанная с отсутствием авторизации, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2025-15432 | Уязвимость пакета офисных программ Apache OpenOffice, связанная с отсутствием авторизации, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2025-15433 | Уязвимость пакета офисных программ Apache OpenOffice, связанная с отсутствием авторизации, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2025-15434 | Уязвимость пакета офисных программ Apache OpenOffice, связанная с отсутствием авторизации, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2025-15438 | Уязвимость пакета офисных программ Apache OpenOffice, связанная с отсутствием авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2025-15449 | Уязвимость межсетевого экрана PT NGFW, связанная с отсутствием авторизации, позволяющая нарушителю получить доступ к защищаемой информации |
| BDU:2025-15899 | язвимость системы поиска Enterprise Search программной интеграционной платформы SAP ABAP Platform, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-15904 | Уязвимость компонента AuthN системы распределённого хранения данных для приложений на основе искусственного интеллекта NVIDIA AIStore, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-15910 | Уязвимость микропрограммного обеспечения сетевых устройств Zyxel ATP, USG FLEX и USG FLEX 50(W)/USG20(W)-VPN, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации |
| BDU:2025-16006 | Уязвимость веб-интерфейса средства администрирования Juniper Networks Junos Space Security Director, позволяющая нарушителю получить несанкционированный доступ на чтение и изменение защищаемой информации |
| BDU:2025-16082 | Уязвимость инструмента Service Data Control Center (SDCCN) программных интеграционных платформ SAP NetWeaver и ABAP Platform, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации |
| BDU:2025-16145 | Уязвимость консоли управления микропрограммного обеспечения межсетевых экранов SonicWall SMA1000, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-16260 | Уязвимость плагина SAP Plug-In Basis системы управления данными и аналитики SAP Business Warehouse, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-16306 | Уязвимость программной интеграционной платформы SAP NetWeaver ABAP, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2025-16351 | Уязвимость клиента реализации протокола Kermit пакета программного обеспечения для последовательной и сетевой связи C-Kermit, позволяющая нарушителю выполнить произвольный код |
| BDU:2025-16385 | Уязвимость плагина Malcure Malware Scanner системы управления содержимым сайта WordPress, позволяющая нарушителю выполнить произвольный код |
| BDU:2026-00020 | Уязвимость компонента My Timesheet Fiori 2.0 программного обеспечения для управления персоналом SAP HCM, позволяющая нарушителю повысить привилегии |
| BDU:2026-00021 | Уязвимость программного обеспечения разработки и выполнения приложений на языке ABAP SAP NetWeaver Application Server ABAP, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить доступ на чтение параметров профиля |
| BDU:2026-00023 | Уязвимость программной интеграционной платформы SAP NetWeaver, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить доступ на чтение системных данных |
| BDU:2026-00025 | Уязвимость компонента My Timesheet Fiori 2.0 программного обеспечения для управления персоналом SAP HCM, позволяющая нарушителю повысить привилегии |
| BDU:2026-00026 | Уязвимость компонента My Timesheet Fiori 2.0 программного обеспечения для управления персоналом SAP HCM, позволяющая нарушителю повысить привилегии |
| BDU:2026-00027 | Уязвимость компонента My Timesheet Fiori 2.0 программного обеспечения для управления персоналом SAP HCM, позволяющая нарушителю повысить привилегии |
| BDU:2026-00057 | Уязвимость сетевой файловой системы Network File System (NFS) операционной систем Synology DiskStation Manager, позволяющая нарушителю читать произвольные файлы |
| BDU:2026-00230 | Уязвимость программного обеспечения разработки и выполнения приложений на языке ABAP SAP NetWeaver Application Server ABAP, позволяющая нарушителю повысить свои привилегии |
| BDU:2026-00232 | Уязвимость программной платформы SAP S/4HANA, позволяющая нарушителю выполнить произвольный код |
| BDU:2026-00233 | Уязвимость приложения для установления связи между облачной платформой и локальной системой SAP Cloud Connector, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ на изменение защищаемой информации |
| BDU:2026-00269 | Уязвимость сервера системы управления базами данных MongoDB, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2026-00279 | Уязвимость системы управления контентом на основе технологии Java OFCMS, связаная с подделкой межсайтовых запросов, позволяющая нарушителю осуществить CSRF-атаку |
| BDU:2026-00315 | Уязвимость сервера автоматизации Jenkins, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-00492 | Уязвимость программного обеспечения для онлайн-моделирования и оптимизации процессов AVEVA Process Optimization, связанная с отсутствием авторизации, позволяющая нарушителю выполнить произвольный код, получить доступ на чтение, изменение и удаление ф... |
| BDU:2026-00766 | Уязвимость приложения Business Server Pages Application, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к конфиденциальной информации |
| BDU:2026-00771 | Уязвимость файла WifiScanModeActivity.java операционной системы Android, позволяющая нарушителю повысить свои привилегии |
| BDU:2026-00774 | Уязвимость компонента IntentResolver операционной системы Android, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-00887 | Уязвимость компонента для отображения веб-страниц WebView браузера Google Chrome, позволяющая нарушителю выполнить произвольный код |
| BDU:2026-01022 | Уязвимость утилиты qemu-img агента для взаимодействия между системой Ironic и физическим оборудованием Ironic Python Agent (IPA), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-01625 | Уязвимость инструмента создания сценариев веб-клиента системы для управления взаимоотношениями с клиентами SAP CRM и программной платформы SAP S/4HANA, позволяющая нарушителю выполнить произвольный код и получить несанкционированный доступ к базе дан... |
| BDU:2026-02071 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition (EE), связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к настройкам модели ИИ |
| BDU:2026-02073 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition (EE), связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к настройкам модели ИИ |
| BDU:2026-02082 | Уязвимость многоплатформенного веб-решения для создания Scada-систем Scada-LTS, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю обойти ограничения безопасности и осуществить CSRF-атаку |
| BDU:2026-02141 | Уязвимость программного средства централизованного управления устройствами Fortinet FortiManager, связанная с отсутсвием авторизации, позволяющая нарушителю оказать влияние на целостность защищаемой информации |
| BDU:2026-02143 | Уязвимость функций UploadIssueAttachment() и UploadReleaseAttachment() программного средства создания самоуправляемых Git-репозиториев Gogs, позволяющая нарушителю вызвать отказ в обслуживании и выполнить произвольный код |
| BDU:2026-02444 | Уязвимость платформы обработки данных Apache NiFi, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации |
| BDU:2026-02528 | Уязвимость межсетевого экрана PT NGFW, связанная с недостатком контроля доступа, позволяющая нарушителю получить несанкционированный доступ к резервным копиям MinIO |
| BDU:2026-02733 | Уязвимость компонента lanserv_ipmi.c утилиты для управления IPMI-устройствами OpenIPMI, связанная с ошибками авторизации, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании |
| BDU:2026-03234 | Уязвимость программной платформы для создания пользовательских интерфейсов поверх языковых моделей (LLM) Flowise, связанная с отсутствием аутентификации для критичной функции, позволяющая нарушителю выполнить произвольные команды |
| BDU:2026-03426 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти ограничения безопасности |
| BDU:2026-03484 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-03521 | Уязвимость системы непрерывной интеграции и доставки приложений (CI/CD) JetBrains TeamCity, связанная с отсутствием авторизации, позволяющая нарушителю получить доступ на чтение и изменение данных |
| BDU:2026-03550 | Уязвимость программного средства управления проектами и задачами JetBrains YouTrack, связанная с отсутствием процедуры авторизации, позволяющая нарушителю обойти существующие механизмы безопасности |
| BDU:2026-03577 | Уязвимость системы управления базами данных MongoDB, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-04276 | Уязвимость разграничения прав доступа сервиса для управления бизнесом Битрикс24 и системы управления содержимым сайтов (CMS) 1С-Битрикс: Управление сайтом, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный досту... |
| BDU:2026-04594 | Уязвимость веб-интерфейса управления программного средства управления сетевыми сервисами Cisco Evolved Programmable Network Manager (EPNM), позволяющая нарушителю скомпрометировать уязвимое устройство |
| BDU:2026-04882 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE, связанная с отсутствием авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2026-05060 | Уязвимость файла /admin/edit-user.php веб-приложения управления взаимоотношениями с клиентами PHPGurukul Small CRM, позволяющая нарушителю обойти существующие ограничения безопасности |
| BDU:2026-05092 | Уязвимость системы для ведения медицинской документации OpenEMR, связанная с обходом авторизации посредством ключа, контролируемого пользователем, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2026-05093 | Уязвимость системы для ведения медицинской документации OpenEMR, связанная с неправильным порядком поведения, позволяющая нарушителю повысить свои привилегии |
| BDU:2026-05150 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с некорректной авторизацией, позволяющая нарушителю повысить свои привилегии |
| BDU:2026-05293 | Уязвимость платформы создания совместных веб-приложений XWiki Platform, связанная с отсутствием авторизации, позволяющая нарушителю повлиять на целостность, доступность и конфиденциальность информации |
| BDU:2026-05417 | Уязвимость программных платформ SAP S/4HANA и SAP ERP, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать влияние на целостность и доступность защищаемой информации |
| BDU:2026-05442 | Уязвимость платформы бизнес-аналитики SAP Business Analytics и CMS-системы SAP Content Management, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-05448 | Уязвимость службы OData Service программной платформы SAP S/4HANA, позволяющая нарушителю получить доступ на чтение, изменение и удаление данных |
| BDU:2026-05594 | Уязвимость системы заявок, инцидентов и инвентаризации компьютерного оборудования GLPI связана с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-05615 | Уязвимость сетевого программного средства Apache Airflow, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к рабочим процессам HITL |
| BDU:2026-05630 | Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ на изменение защищаемой информации |
| BDU:2026-06571 | Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-06573 | Уязвимость приложения для обмена мгновенными сообщениями Mattermost, связанная с отсутствием авторизации, позволяющая нарушителю обойти существующие механизмы безопасности |
| BDU:2026-06593 | Уязвимость средства управления серверами Windows Admin Center, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии |
| BDU:2026-06727 | Уязвимость команды KILL_CLIENT программного обеспечения для пула соединения в PostgreSQL PgBouncer, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2026-06920 | Уязвимость платформы для автоматизации рабочих процессов N8n, связанная с недостатками процедуры авторизации, позволяющая нарушителю повторно использовать внешний ключ API и получить несанкционированный доступ к защищаемой информации |
| BDU:2026-06921 | Уязвимость функции Hosted Chat узла Chat Trigger платформы для автоматизации рабочих процессов N8n, позволяющая нарушителю получить несанкционированный доступ на чтение и изменение защищаемой информации |
| BDU:2026-07014 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на целостность защищаемой информации |
| BDU:2026-07030 | Уязвимость системы управления контентом Craft CMS, связанная с отсутствием авторизации, позволяющая нарушителю раскрыть защищаемую информацию |
| BDU:2026-07039 | Уязвимость интерфейса Snapshot API платформы для мониторинга и наблюдения Grafana, позволяющая нарушителю получить доступ на чтение и удаление данных |
| BDU:2026-07090 | Уязвимость функции map_keys_roles() подсистемы ролевого управления доступом RBAC гипервизора XCP-ng и платформы для серверной виртуализации XenServer, позволяющая нарушителю обойти существующие механизмы безопасности |
| BDU:2026-07103 | Уязвимость команды CREATE TYPE системы управления базами данных PostgreSQL, позволяющая нарушителю выполнять произвольные SQL-функции |
| BDU:2026-07143 | Уязвимость веб-интерфейса на базе искуственного интеллекта Open WebUI, связанная с отсутствием авторизации, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2026-07174 | Уязвимость агента удаленного доступа пользователей к корпоративным ресурсам и приложениям Prisma Access Agent, связанная с недостатками процедуры авторизации, позволяющая нарушителю повысить свои привилегии, получить доступ на чтение данных и выполни... |
| BDU:2026-07188 | Уязвимость функции get_tool_by_id() веб-интерфейса на базе искуственного интеллекта Open WebUI, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-07192 | Уязвимость веб-интерфейса на базе искуственного интеллекта Open WebUI, связанная с отсутствием авторизации, позволяющая нарушителю вызвать отказ в обслуживании |
| BDU:2026-07197 | Уязвимость веб-интерфейса на базе искуственного интеллекта Open WebUI, связанная с отсутствием проверки разрешений, позволяющая нарушителю получить доступ на чтение, изменение данных, повысить свои привилегии и выполнить произвольный код |
| BDU:2026-07302 | Уязвимость платформы создания совместных веб-приложений XWiki Platform XWiki, связанная с отсутствием авторизации, позволяющая нарушителю создать или изменить произвольные файлы |
| BDU:2026-07482 | Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2026-07490 | Уязвимость интерфейса Duo Workflows API программной платформы на базе git для совместной работы над кодом GitLab EE, позволяющая нарушителю обойти существующие ограничения безопасности |
Идентификаторы CVE уязвимостей
Идентификатор, базы данных общеизвестных уязвимостей информационной безопасности
| Идентификатор | Описание |
|---|---|
| CVE-2011-4183 | open build service allows anyone to upload rpms |
| CVE-2013-10072 | Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization |
| CVE-2013-3703 | No write permission check in change_role command |
| CVE-2015-10140 | Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion |
| CVE-2015-10143 | Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2015-20067 | WP Attachment Export < 0.2.4 - Unauthenticated Posts Download |
| CVE-2017-2652 | It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jen... |
| CVE-2017-2662 | A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a reposito... |
| CVE-2017-7530 | In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when... |
| CVE-2017-7548 | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attacke... |
| CVE-2018-10865 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allow... |
| CVE-2018-10866 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allow... |
| CVE-2018-14628 | An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticat... |
| CVE-2018-25019 | LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload |
| CVE-2018-25105 | File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download |
| CVE-2018-7688 | Open Build Service accepts arbitrary reviews |
| CVE-2018-7689 | Open Build Service arbitrary package modification |
| CVE-2019-10184 | undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures... |
| CVE-2019-13547 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP a... |
| CVE-2019-14822 | A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to... |
| CVE-2019-18581 | Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71... |
| CVE-2019-25214 | ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting |
| CVE-2019-25215 | ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions |
| CVE-2019-25217 | SiteGround Optimizer <= 5.0.12 - Missing Authorization |
| CVE-2019-3879 | It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command,... |
| CVE-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs... |
| CVE-2019-6580 | A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions... |
| CVE-2020-10684 | A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when u... |
| CVE-2020-10689 | A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An auth... |
| CVE-2020-10697 | A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can... |
| CVE-2020-10701 | A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw... |
| CVE-2020-10746 | A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to contro... |
| CVE-2020-14306 | An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through... |
| CVE-2020-14491 | OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a... |
| CVE-2020-14520 | The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the... |
| CVE-2020-15247 | Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. |
| CVE-2020-1996 | PAN-OS: Panorama management server log injection |
| CVE-2020-24672 | ABB Base Software for SoftControl Remote Code Execution vulnerability |
| CVE-2020-25711 | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server mana... |
| CVE-2020-25718 | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain con... |
| CVE-2020-26212 | Any GLPI CalDAV calendars is read-only for every authenticated user |
| CVE-2020-26231 | Bypass of fix for CVE-2020-15247, Twig sandbox escape |
| CVE-2020-27220 | The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receiv... |
| CVE-2020-27349 | aptdaemon performed policykit permissions checks too late |
| CVE-2020-27777 | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due... |
| CVE-2020-28215 | A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range... |
| CVE-2020-3400 | Cisco IOS XE Software Web UI Authorization Bypass Vulnerability |
| CVE-2020-36239 | Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8... |
| CVE-2020-36833 | Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks |
| CVE-2020-36834 | Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization |
| CVE-2020-36837 | ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset |
| CVE-2020-36840 | Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization |
| CVE-2020-36852 | Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping |
| CVE-2020-5228 | Opencast allows unauthorized public access via OAI-PMH |
| CVE-2020-5368 | Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attac... |
| CVE-2020-7343 | Improper Authorization vulnerability in MA |
| CVE-2021-21246 | Pre-Auth Access token leak |
| CVE-2021-21255 | entities switch IDOR |
| CVE-2021-21264 | Bypass of fix for CVE-2020-26231, Twig sandbox escape |
| CVE-2021-21307 | Remote Code Exploit in Lucee Admin |
| CVE-2021-21326 | Horizontal Privilege Escalation |
| CVE-2021-21327 | Unsafe Reflection in getItemForItemtype() |
| CVE-2021-22513 | Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability af... |
| CVE-2021-22891 | A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1... |
| CVE-2021-22896 | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticat... |
| CVE-2021-24184 | Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation |
| CVE-2021-24352 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export |
| CVE-2021-24353 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import |
| CVE-2021-24354 | Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation |
| CVE-2021-24355 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value |
| CVE-2021-24356 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation |
| CVE-2021-24500 | Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities |
| CVE-2021-24501 | Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions |
| CVE-2021-24633 | Countdown Block < 1.1.2 - Missing Authorisation in AJAX action |
| CVE-2021-24639 | OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion |
| CVE-2021-24677 | Find My Blocks < 3.4.0 - Private Post Titles Disclosure |
| CVE-2021-24730 | Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update |
| CVE-2021-24779 | WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update |
| CVE-2021-24790 | Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls |
| CVE-2021-24831 | Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls |
| CVE-2021-24836 | Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update |
| CVE-2021-24839 | SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion |
| CVE-2021-24842 | Bulk Datetime Change < 1.12 - Missing Authorisation |
| CVE-2021-24890 | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload |
| CVE-2021-24906 | Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation |
| CVE-2021-24914 | Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal |
| CVE-2021-24950 | Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS |
| CVE-2021-24968 | Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation |
| CVE-2021-24977 | Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending |
| CVE-2021-24978 | OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion |
| CVE-2021-24993 | Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update |
| CVE-2021-24997 | WP Guppy < 1.3 - Sensitive Information Disclosure |
| CVE-2021-25002 | Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure |
| CVE-2021-25011 | WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update |
| CVE-2021-25013 | Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2021-25014 | Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-25018 | PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-25025 | Event Calendar < 1.1.51 - Subscriber+ Event Creation |
| CVE-2021-25032 | PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise |
| CVE-2021-25042 | WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS |
| CVE-2021-25075 | Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS |
| CVE-2021-25084 | Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion |
| CVE-2021-25087 | Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure |
| CVE-2021-25093 | Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion |
| CVE-2021-25095 | IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban |
| CVE-2021-25116 | Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion |
| CVE-2021-27855 | FatPipe software allows privilege escalation |
| CVE-2021-27857 | FatPipe software allows unauthenticated configuration download |
| CVE-2021-27858 | Missing authorization vulnerability in FatPipe software |
| CVE-2021-27859 | Missing authorization vulnerability in FatPipe software |
| CVE-2021-31384 | Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from... |
| CVE-2021-32472 | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle version... |
| CVE-2021-32503 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only... |
| CVE-2021-32504 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only... |
| CVE-2021-32748 | WOPI API not protected by credentials/IP check |
| CVE-2021-33704 | The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that woul... |
| CVE-2021-34629 | SendGrid <= 1.11.8 – Authorization Bypass |
| CVE-2021-35001 | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability |
| CVE-2021-3653 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (vi... |
| CVE-2021-3656 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (vi... |
| CVE-2021-3814 | It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth ins... |
| CVE-2021-38164 | SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618,... |
| CVE-2021-38431 | Advantech WebAccess SCADA |
| CVE-2021-39231 | Missing authentication/authorization on internal RPC endpoints |
| CVE-2021-39232 | Missing admin check for SCM related admin commands |
| CVE-2021-39236 | Owners of the S3 tokens are not validated |
| CVE-2021-39347 | Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking |
| CVE-2021-40501 | SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authentica... |
| CVE-2021-40502 | SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticat... |
| CVE-2021-4074 | WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting |
| CVE-2021-40853 | TCMAN GIM missing authorization vulnerability |
| CVE-2021-41112 | Missing Authorization in Rundeck |
| CVE-2021-41233 | Missing authorization in Nextcloud text |
| CVE-2021-41238 | Missing Authorization with Default Settings in Dashboard UI |
| CVE-2021-42062 | SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in... |
| CVE-2021-42367 | Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-42848 | An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauth... |
| CVE-2021-42851 | A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create... |
| CVE-2021-43781 | Permissions not properly checked in Invenio-Drafts-Resources |
| CVE-2021-44055 | Information leakage in Video Station |
| CVE-2021-44233 | SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an aut... |
| CVE-2021-4444 | Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization |
| CVE-2021-4445 | Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update |
| CVE-2021-4446 | Essential Addons for Elementor <= 4.6.4 - Missing Authorization |
| CVE-2021-4447 | Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation |
| CVE-2021-4448 | Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization |
| CVE-2021-44792 | Information Leakege via Unauthorized Access in Single Connect |
| CVE-2021-44793 | Information Leakege via Unauthorized Access in Single Connect |
| CVE-2021-44794 | Information Leakege via Unauthorized Access in Single Connect |
| CVE-2021-44795 | Modifying User Permissions via Unauthorized Access in Single Connect |
| CVE-2021-47662 | Unauthenticated remote shutdown of the cobot |
| CVE-2022-0398 | ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation |
| CVE-2022-0404 | Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS |
| CVE-2022-0444 | XCloner < 4.3.6 - Plugin Settings Reset |
| CVE-2022-0579 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0588 | Missing Authorization in librenms/librenms |
| CVE-2022-0611 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0634 | ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF |
| CVE-2022-1203 | Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update |
| CVE-2022-1245 | A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client applic... |
| CVE-2022-1323 | Discy < 5.0 - Subscriber+ Broken Access Control to change settings |
| CVE-2022-1329 | Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution |
| CVE-2022-1777 | Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls |
| CVE-2022-0229 | miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion |
| CVE-2022-0236 | WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure |
| CVE-2022-0287 | Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure |
| CVE-2022-0345 | Better Notifications for WP < 1.8.7 - Email Address Disclosure |
| CVE-2022-0363 | myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-0726 | Missing Authorization in chocobozzz/peertube |
| CVE-2022-0745 | Like Button Rating < 2.6.45 - Arbitrary e-mail Sending |
| CVE-2022-0755 | Missing Authorization in salesagility/suitecrm |
| CVE-2022-0756 | Missing Authorization in salesagility/suitecrm |
| CVE-2022-1020 | Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call |
| CVE-2022-1054 | RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export |
| CVE-2022-1092 | myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure |
| CVE-2022-1511 | Missing Authorization in snipe/snipe-it |
| CVE-2022-1570 | Files Download Delay < 1.0.7 - Subscriber+ Settings Reset |
| CVE-2022-1572 | HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion |
| CVE-2022-1574 | HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload |
| CVE-2022-1903 | ARMember < 3.4.8 - Unauthenticated Admin Account Takeover |
| CVE-2022-22535 | SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the pa... |
| CVE-2022-2276 | WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion |
| CVE-2022-23055 | ERPNext - Improper user access conrol |
| CVE-2022-23180 | Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update |
| CVE-2022-23617 | Missing authorization in xwiki-platform |
| CVE-2022-23621 | Missing authorization in xwiki-platform |
| CVE-2022-0163 | Smart Forms < 2.6.71 - Subscriber+ Form Data Download |
| CVE-2022-0164 | Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users |
| CVE-2022-0178 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0179 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0218 | WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route |
| CVE-2022-0833 | Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure |
| CVE-2022-0837 | Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure |
| CVE-2022-0871 | Missing Authorization in gogs/gogs |
| CVE-2022-0885 | Member Hero <= 1.0.9 - Unauthenticated RCE |
| CVE-2022-0905 | Missing Authorization in go-gitea/gitea |
| CVE-2022-0919 | Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure |
| CVE-2022-0932 | Missing Authorization in saleor/saleor |
| CVE-2022-0952 | Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update |
| CVE-2022-2350 | Disable User Login <= 1.0.1 - Unauthenticated Settings Update |
| CVE-2022-2373 | Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure |
| CVE-2022-2369 | YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure |
| CVE-2022-2370 | YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak |
| CVE-2022-2405 | WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion |
| CVE-2022-24317 | A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific... |
| CVE-2022-24896 | Tracker report renderer and chart widgets leak information in Tuleap |
| CVE-2022-2543 | Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection |
| CVE-2022-2552 | Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure |
| CVE-2022-27658 | Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead... |
| CVE-2022-27669 | An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - versio... |
| CVE-2022-29176 | Unauthorized gem takeover for some gems on rubygems.org |
| CVE-2022-30731 | Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private f... |
| CVE-2022-3082 | miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling |
| CVE-2022-3096 | WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS |
| CVE-2022-3244 | Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation |
| CVE-2022-2376 | Directorist < 7.3.1 - Unauthenticated Email Address Disclosure |
| CVE-2022-2377 | Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending |
| CVE-2022-2379 | Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API |
| CVE-2022-2382 | Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-2389 | Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation |
| CVE-2022-23944 | Apache ShenYu 2.4.1 Improper access control |
| CVE-2022-23945 | Apache ShenYu missing authentication allows gateway registration |
| CVE-2022-2450 | reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls |
| CVE-2022-24669 | Anonymous users can register / de-register for configuration change notifications |
| CVE-2022-2657 | Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls |
| CVE-2022-28789 | Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. T... |
| CVE-2022-29611 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticate... |
| CVE-2022-2985 | In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no... |
| CVE-2022-2987 | Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass |
| CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same re... |
| CVE-2022-3124 | Frontend File Manager < 21.3 - Unauthenticated File Renaming |
| CVE-2022-21660 | Missing authorization in gin-vue-admin |
| CVE-2022-21953 | Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster |
| CVE-2022-22107 | DayByDay CRM - Missing Authorization when Viewing Appointments |
| CVE-2022-22108 | DayByDay CRM - Missing Authorization when Viewing Absences |
| CVE-2022-22111 | DayByDay CRM - Missing Authorization when Changing Password |
| CVE-2022-25810 | Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls |
| CVE-2022-26102 | Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authen... |
| CVE-2022-26103 | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access informat... |
| CVE-2022-2841 | CrowdStrike Falcon Uninstallation authorization |
| CVE-2022-2846 | Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS |
| CVE-2022-3007 | Unauthorized Access Vulnerability in Syska SW100 Smartwatch |
| CVE-2022-31128 | Fine grained permissions are not checked in Tuleap |
| CVE-2022-31592 | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 80... |
| CVE-2022-31595 | SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, result... |
| CVE-2022-31597 | Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension f... |
| CVE-2022-31765 | Affected devices do not properly authorize the change password function of the web interface. This could allow low privilege... |
| CVE-2022-32768 | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev mas... |
| CVE-2022-32769 | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev mas... |
| CVE-2022-32966 | Realtek RTL8111FP-CG - Missing Authorization |
| CVE-2022-38141 | WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control |
| CVE-2022-39080 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with... |
| CVE-2022-39090 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39091 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39092 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39093 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39094 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39095 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39096 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39097 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39098 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39099 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39100 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39101 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39102 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39103 | In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with n... |
| CVE-2022-39104 | In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with... |
| CVE-2022-39107 | In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder ser... |
| CVE-2022-39108 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-39109 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-3911 | iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin |
| CVE-2022-39110 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-39111 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-3320 | Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command |
| CVE-2022-3321 | Lock WARP switch feature bypass on WARP mobile client for iOS |
| CVE-2022-3322 | Lock WARP switch bypass on WARP mobile client using iOS quick action |
| CVE-2022-3337 | Lock WARP switch bypass by removing VPN profile on iOS mobile client |
| CVE-2022-3489 | WP Hide <= 0.0.2 - Unauthenticated Settings Update |
| CVE-2022-3512 | Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command |
| CVE-2022-35293 | Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On su... |
| CVE-2022-3538 | Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation |
| CVE-2022-36340 | WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability |
| CVE-2022-36352 | WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control |
| CVE-2022-36404 | WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability |
| CVE-2022-36418 | WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication |
| CVE-2022-3920 | Consul Peering Imported Nodes/Services Leak |
| CVE-2022-3923 | ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup |
| CVE-2022-39233 | Tuleap subject to Missing Authorization allowing for branch prefix modification |
| CVE-2022-3946 | Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion |
| CVE-2022-3961 | Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure |
| CVE-2022-39861 | Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without... |
| CVE-2022-40702 | WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control |
| CVE-2022-34344 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control |
| CVE-2022-3451 | Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2022-36024 | Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution |
| CVE-2022-36068 | Discourse moderators can edit themes via the API |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthori... |
| CVE-2022-36836 | Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state witho... |
| CVE-2022-38669 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service... |
| CVE-2022-38670 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service... |
| CVE-2022-38678 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38682 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38683 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38684 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38697 | In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service... |
| CVE-2022-38698 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with... |
| CVE-2022-3999 | WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-4004 | Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam |
| CVE-2022-40203 | WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control |
| CVE-2022-40218 | WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2022-39112 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39113 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39114 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39115 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39117 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional... |
| CVE-2022-40975 | WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2022-4102 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion |
| CVE-2022-4103 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-4124 | Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion |
| CVE-2022-41271 | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process... |
| CVE-2022-41272 | An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search... |
| CVE-2022-4148 | WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion |
| CVE-2022-41619 | WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control |
| CVE-2022-41692 | WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability |
| CVE-2022-41695 | WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control |
| CVE-2022-41698 | WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control |
| CVE-2022-41937 | Missing Authorization in XWiki Platform |
| CVE-2022-41995 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control |
| CVE-2022-43453 | WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability |
| CVE-2022-43472 | WordPress eRoom plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2022-43476 | WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to Broken Access Control |
| CVE-2022-43482 | WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability |
| CVE-2022-4384 | Stream < 3.9.2 - Subscriber+ Alert Creation |
| CVE-2022-39119 | In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2022-47168 | WordPress Printful Integration for WooCommerce plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) |
| CVE-2022-47176 | WordPress Depicter Slider plugin <= 1.9.0 - Broken Access Control vulnerability |
| CVE-2022-47182 | WordPress APIExperts Square for WooCommerce plugin <= 4.4.1 - Broken Access Control |
| CVE-2022-47429 | WordPress Coming Soon Landing Page and Maintenance Mode WordPress Plugin plugin <= 2.2.0 - Broken Access Control |
| CVE-2022-40223 | WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability |
| CVE-2022-4024 | Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion |
| CVE-2022-42776 | In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional... |
| CVE-2022-42777 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-42778 | In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no ad... |
| CVE-2022-42884 | WordPress WIP Custom Login Plugin <= 1.2.7 is vulnerable to Broken Access Control |
| CVE-2022-4366 | Missing Authorization in lirantal/daloradius |
| CVE-2022-44578 | WordPress Owl Carousel plugin <= 0.5.3 - Broken Access Control vulnerability |
| CVE-2022-44626 | WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Broken Access Control vulnerability |
| CVE-2022-44633 | WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerabili... |
| CVE-2022-46795 | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 4.7.2 - CSRF Plugin Settings Reset vulnerability |
| CVE-2022-46796 | WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability |
| CVE-2022-46807 | WordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access Control |
| CVE-2022-46811 | WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF |
| CVE-2022-46838 | WordPress JS Help Desk plugin <= 2.7.1 - Unauthenticated Settings Change Vulnerability |
| CVE-2022-46840 | WordPress JS Help Desk plugin <= 2.7.1 - Broken Access Control |
| CVE-2023-0019 | In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_7... |
| CVE-2023-0335 | WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion |
| CVE-2023-0336 | OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion |
| CVE-2023-0405 | GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update |
| CVE-2023-0441 | Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update |
| CVE-2023-0889 | TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update |
| CVE-2022-4385 | Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update |
| CVE-2022-44422 | In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no... |
| CVE-2022-44423 | In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no... |
| CVE-2022-44424 | In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no... |
| CVE-2022-44434 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44435 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44436 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44437 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44438 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44439 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-45070 | WordPress Conditional Checkout Fields for WooCommerce plugin <= 1.2.3 - Broken Authentication vulnerability |
| CVE-2022-45349 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45351 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45352 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45356 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45803 | WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability |
| CVE-2022-45806 | WordPress Formidable Forms plugin <= 5.5.4 - Broken Access Control vulnerability |
| CVE-2022-45811 | WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability |
| CVE-2022-2732 | Missing Authorization in openemr/openemr |
| CVE-2022-27480 | A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80)... |
| CVE-2022-38057 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability |
| CVE-2022-41786 | WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control |
| CVE-2022-41790 | WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users |
| CVE-2022-47594 | WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control |
| CVE-2022-47601 | WordPress WP Table Manager plugin <= 3.5.2 - Broken Access Control |
| CVE-2022-47604 | WordPress AJAX Thumbnail Rebuild plugin <= 1.13 - Broken Access Control vulnerability |
| CVE-2022-48318 | Insecure access control mechanisms for RestAPI documentation |
| CVE-2023-0678 | Missing Authorization in phpipam/phpipam |
| CVE-2023-1114 | Improper Input Validation on e-Belediye |
| CVE-2023-1261 | Missing MAC layer security in Wi-SUN SDK |
| CVE-2023-1262 | Missing MAC layer security in Wi-SUN Linux Border Router |
| CVE-2023-0890 | Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access |
| CVE-2023-0911 | Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure |
| CVE-2023-0923 | Odh-notebook-controller-container: missing authorization allows for file contents disclosure |
| CVE-2023-1774 | Unauthorized email invite to a private channel |
| CVE-2023-1782 | Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation |
| CVE-2023-1903 | Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) |
| CVE-2023-20064 | Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability |
| CVE-2023-20252 | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow a... |
| CVE-2023-2179 | WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update |
| CVE-2023-2193 | Oauth authorization codes do not expire when deauthorizing an oauth2 app |
| CVE-2023-22478 | KubePi is vulnerable to missing authorization |
| CVE-2023-22488 | Missing authorization in Flarum |
| CVE-2023-22489 | Flarum is missing authorization in discussion replies |
| CVE-2023-23715 | WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability |
| CVE-2023-23716 | WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability |
| CVE-2023-23725 | WordPress Shortcodes by Angie Makes plugin <= 3.46 - Broken Access Control vulnerability |
| CVE-2022-46846 | WordPress Trending/Popular Post Slider and Widget plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2022-46850 | WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion |
| CVE-2022-4872 | WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no' |
| CVE-2022-4972 | Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks |
| CVE-2023-1371 | W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure |
| CVE-2023-1414 | WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update |
| CVE-2023-1705 | Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows P... |
| CVE-2023-22674 | WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control |
| CVE-2023-22676 | WordPress Advanced Custom Fields: Image Crop Add-on Plugin <= 1.4.12 is vulnerable to Broken Access Control |
| CVE-2023-2268 | Plane v0.7.1 - Unauthorized access to files |
| CVE-2023-22697 | WordPress Survey Maker plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2023-22699 | WordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2023-22701 | WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability |
| CVE-2023-22708 | WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-22728 | Silverstripe Framework has missing permission check of canView in GridFieldPrintButton |
| CVE-2023-22736 | argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled |
| CVE-2023-22737 | wire-server vulnerable to unauthorized removal of Bots from Conversations |
| CVE-2023-22836 | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the... |
| CVE-2023-22858 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 |
| CVE-2023-24375 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control v... |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2023-24524 | SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user... |
| CVE-2023-24528 | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to expl... |
| CVE-2023-25026 | WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2023-25030 | WordPress Buy Me a Coffee plugin <= 3.7 - Broken Access Control vulnerability |
| CVE-2023-25035 | WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability |
| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability |
| CVE-2023-25039 | WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-25048 | WordPress Fantastic Content Protector Free plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2023-25060 | WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-25067 | WordPress We’re Open! plugin <= 1.45 - Broken Access Control vulnerability |
| CVE-2023-25703 | WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-25714 | WordPress Quick Paypal Payments plugin <= 5.7.25 - Broken Access Control vulnerability |
| CVE-2023-25715 | WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control |
| CVE-2023-25785 | WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability |
| CVE-2023-26520 | WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2023-26521 | WordPress Search in Place plugin <= 1.0.104 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-26522 | WordPress WP Repost plugin <= 0.1 - Broken Access Control vulnerability |
| CVE-2023-26523 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-27263 | IDOR: Accessing playbook runs via the Playbooks Runs API |
| CVE-2023-27264 | IDOR: Updating a playbook via the Playbooks API |
| CVE-2023-27309 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected app... |
| CVE-2023-27310 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected app... |
| CVE-2023-2796 | EventON < 2.1.2 - Unauthenticated Event Access |
| CVE-2023-28165 | WordPress Backup Bank: WordPress Backup Plugin plugin <= 4.0.28 - Broken Access Control vulnerability |
| CVE-2023-28168 | WordPress WordPress Console plugin <= 0.3.9 - Broken Access Control vulnerability |
| CVE-2023-28416 | WordPress Chankhe theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation vulnerability |
| CVE-2023-28417 | WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability |
| CVE-2023-28492 | WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-28494 | WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-28689 | WordPress JS Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2023-28775 | WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability |
| CVE-2023-28990 | WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability |
| CVE-2023-29237 | WordPress Remove Duplicate Posts plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2023-29239 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-29422 | WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability |
| CVE-2023-29429 | WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability |
| CVE-2023-29431 | WordPress qTranslate X Cleanup and WPML Import plugin <= 3.0.1 - Broken Access Control vulnerability |
| CVE-2023-29433 | WordPress tencentcloud-cos plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2023-2945 | Missing Authorization in openemr/openemr |
| CVE-2023-3076 | MStore API < 3.9.9 - Unauthenticated Privilege Escalation |
| CVE-2023-30783 | WordPress Smart WooCommerce Search plugin <= 2.5.0 - Broken Access Control |
| CVE-2023-30870 | WordPress Sharkdropship for AliExpress Dropship and Affiliate plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilitie... |
| CVE-2023-1299 | Nomad Job Submitter Privilege Escalation Using Workload Identity |
| CVE-2023-23611 | xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation |
| CVE-2023-23639 | WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2023-23640 | WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2023-23672 | WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability |
| CVE-2023-23814 | WordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerability |
| CVE-2023-23823 | WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2023-23825 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability |
| CVE-2023-23834 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerabilit... |
| CVE-2023-23848 | Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission... |
| CVE-2023-23850 | A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permissio... |
| CVE-2023-23854 | SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perfo... |
| CVE-2023-23868 | WordPress Cost of Goods for WooCommerce plugin <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2023-23882 | WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control |
| CVE-2023-23886 | WordPress WP-RecentComments plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-23887 | WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-23893 | WordPress Simple Giveaways plugin <= 2.48.0 - Broken Access Control vulnerability |
| CVE-2023-23895 | WordPress WP Time Slots Booking Form plugin <= 1.1.82 - Broken Access Control vulnerability |
| CVE-2023-23896 | WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Broken Access Control |
| CVE-2023-32240 | WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability |
| CVE-2023-32293 | WordPress WRC Pricing Tables plugin <= 2.3.7 - Broken Access Control vulnerability |
| CVE-2023-32295 | WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability |
| CVE-2023-32299 | WordPress Ni WooCommerce Sales Report plugin <= 3.7.3 - Broken Access Control vulnerability |
| CVE-2023-3230 | Missing Authorization in fossbilling/fossbilling |
| CVE-2023-32311 | The CloudExplorer Lite missing permissions check |
| CVE-2023-32316 | Users can add themselves to any organization in CloudExplorer Lite |
| CVE-2023-32506 | WordPress Link Whisper Free plugin <= 0.6.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-32507 | WordPress Woo Custom Emails plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2023-32519 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability |
| CVE-2023-32520 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability |
| CVE-2023-32574 | WordPress Injection Guard plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-32581 | WordPress WP-Chatbot for Messenger plugin <= 4.7 - Broken Access Control |
| CVE-2023-32585 | WordPress Portfolio Gallery – Responsive Image Gallery plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2023-32586 | WordPress SoundCloud Is Gold plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2023-32593 | WordPress GS Pins for Pinterest plugin <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2023-32599 | WordPress reCAPTCHA for all plugin <= 1.22 - Broken Access Control vulnerability |
| CVE-2023-32601 | WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.12 - Broken Access Control vulnerability |
| CVE-2023-32677 | Users who can send invitations can erroneously add users to streams during invitation in Zulip |
| CVE-2023-32798 | WordPress Simple Page Ordering plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2023-32963 | WordPress Predictive Search for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability |
| CVE-2023-33215 | WordPress Taggbox plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2023-33321 | WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure |
| CVE-2023-33324 | WordPress Easy Captcha plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2023-3365 | MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion |
| CVE-2023-33922 | WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2023-33923 | Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes |
| CVE-2023-33928 | WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2023-33948 | The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media f... |
| CVE-2023-33968 | Missing Access Control allows User to move and duplicate tasks in Kanboard |
| CVE-2023-33970 | Missing access control in internal task links feature in Kanboard |
| CVE-2023-33992 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA |
| CVE-2023-33994 | WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability |
| CVE-2023-33995 | WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability |
| CVE-2023-33996 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability |
| CVE-2023-33998 | WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability |
| CVE-2023-34003 | WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability |
| CVE-2023-34009 | WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.1 - Broken Access Control + CSRF |
| CVE-2023-34014 | WordPress Grid Plus plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2023-34019 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability |
| CVE-2023-34186 | WordPress Headless CMS plugin <= 2.0.3 - Broken Authentication vulnerability |
| CVE-2023-34234 | Governor proposal creation may be blocked by frontrunning in OpenZeppelin |
| CVE-2023-34376 | WordPress Change WooCommerce Add To Cart Button Text plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2022-45819 | WordPress Popup Maker plugin <= 1.17.1 - Broken Access Control vulnerability |
| CVE-2022-45826 | WordPress Sunshine Photo Cart plugin <= 2.9.13 - Auth. Broken Access Control vulnerability |
| CVE-2022-45830 | WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability |
| CVE-2022-45832 | WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability |
| CVE-2022-45840 | WordPress Auto Affiliate Links plugin <= 6.2.1.5 - Unauth. Broken Access Control vulnerability |
| CVE-2022-45841 | WordPress Robo Gallery plugin <= 3.2.9 - Auth. Broken Access Control vulnerability |
| CVE-2022-45851 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability |
| CVE-2023-21450 | Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's... |
| CVE-2023-2233 | Missing Authorization in GitLab |
| CVE-2023-23975 | WordPress Quick Event Manager plugin <= 9.7.4 - Broken Access Control vulnerability |
| CVE-2023-23985 | WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing |
| CVE-2023-23986 | WordPress Reviews and Rating – Google My Business plugin <= 4.14 - Broken Access Control vulnerability |
| CVE-2023-23988 | WordPress My Tickets plugin <= 1.9.11 - Payment Bypass Vulnerability |
| CVE-2023-2414 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary... |
| CVE-2023-25454 | WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2023-25455 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deleti... |
| CVE-2023-25457 | WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability |
| CVE-2023-25469 | WordPress Easy Table of Contents plugin <= 2.0.45.2 - Broken Access Control vulnerability |
| CVE-2023-25486 | WordPress Clone plugin <= 2.3.7 - Broken Access Control vulnerability |
| CVE-2023-25552 | A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deletin... |
| CVE-2023-25573 | Improper access control to download file in metersphere |
| CVE-2023-25791 | WordPress Fontiran plugin <= 2.1 - Broken Access Control vulnerability |
| CVE-2023-25799 | WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities |
| CVE-2023-2590 | Missing Authorization in answerdev/answer |
| CVE-2023-25959 | WordPress Apollo13 Framework Extensions plugin <= 1.8.10 - Broken Access Control |
| CVE-2023-25966 | WordPress FileBird plugin <= 5.1.4 - Broken Access Control vulnerability |
| CVE-2023-25988 | WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability |
| CVE-2023-25993 | WordPress Top 10 – Popular posts plugin for WordPress plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2023-25997 | WordPress Sola Support Ticket <= 3.17 - Arbitrary Content Deletion Vulnerability |
| CVE-2023-26002 | WordPress 6Storage Rentals <= 2.19.5 - Broken Access Control Vulnerability |
| CVE-2023-26035 | ZoneMinder vulnerable to Missing Authorization |
| CVE-2023-26269 | Apache James server: Privilege escalation through unauthenticated JMX |
| CVE-2023-2627 | KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2023-27428 | WordPress WP users media plugin <= 4.2.3 - Broken Access Control vulnerability |
| CVE-2023-27437 | WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability |
| CVE-2023-27449 | WordPress Total Poll Lite plugin <= 4.8.6 - Broken Access Control vulnerability |
| CVE-2023-27454 | WordPress Rife Elementor Extensions & Templates plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2023-27456 | WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation |
| CVE-2023-27460 | WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-27462 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected app... |
| CVE-2023-27607 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability |
| CVE-2023-27608 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2023-27625 | WordPress Site Reviews plugin <= 6.5.0 - Broken Access Control vulnerability |
| CVE-2023-27626 | WordPress Stock Ticker plugin <= 3.23.0 - Broken Access Control vulnerability |
| CVE-2023-2783 | App Framework does not checks for the secret provided in the incoming webhook request |
| CVE-2023-2784 | Apps Framework allows install requests from regular members via an internal path |
| CVE-2023-2786 | Channel commands execution doesn't properly verify permissions |
| CVE-2023-2787 | Collapsed Reply Threads APIs leak message contents from private channels |
| CVE-2023-2788 | Deactivated user can retain access using oauth2 api |
| CVE-2023-2791 | Playbooks lets you edit arbitrary posts |
| CVE-2023-28532 | WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation |
| CVE-2023-28536 | WordPress Branded Social Images plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2023-28623 | Unauthorized user can register an account in specific configurations in Zulip |
| CVE-2023-29173 | WordPress Product Category Tree plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-29174 | WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability |
| CVE-2023-29529 | matrix-js-sdk vulnerable to invisible eavesdropping in group calls |
| CVE-2023-30476 | WordPress Blogger Buzz theme <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2023-30479 | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability |
| CVE-2023-30480 | WordPress Educenter theme <= 1.5.5 - Broken Access Control |
| CVE-2023-30486 | WordPress Square theme <= 2.0.0 - Broken Access Control |
| CVE-2023-30488 | WordPress Featured Post Creative plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2023-30490 | WordPress Easing Slider plugin <= 3.0.8 - Plugin Settings Reset Vulnerability |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2023-31080 | WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability |
| CVE-2023-31214 | WordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2023-31234 | WordPress Tilda Publishing plugin <= 0.3.23 - Broken Access Control vulnerability |
| CVE-2023-3131 | MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update |
| CVE-2023-32094 | WordPress Extended Post Status plugin <= 1.0.19 - Broken Access Control vulnerability |
| CVE-2023-32112 | Missing Authorization Check in Vendor Master Hierarchy |
| CVE-2023-32117 | WordPress Integrate Google Drive plugin <= 1.1.99 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-32126 | WordPress SALERT plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-32127 | WordPress Multi Rating plugin <= 5.0.6 - Unauth Arbitrary rating value change |
| CVE-2023-32129 | WordPress Editorialmag theme <= 1.1.9 - Authenticated Arbitrary Plugin Activation |
| CVE-2023-36607 | CVE-2023-36607 |
| CVE-2023-36676 | WordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerability |
| CVE-2023-36680 | WordPress Image Regenerate & Select Crop plugin <= 7.1.0 - Broken Access Control vulnerability |
| CVE-2023-36681 | WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.6.2 - Broken Access Control vulnerability |
| CVE-2023-36683 | WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2023-36684 | WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability |
| CVE-2023-36694 | WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability |
| CVE-2023-36695 | WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability |
| CVE-2023-37860 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels |
| CVE-2023-37862 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels |
| CVE-2023-37869 | WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2023-30873 | WordPress WP Docs plugin <= 1.9.8 - Broken Access Control |
| CVE-2023-3442 | Missing Authorization in Jenkins plug-in for ServiceNow DevOps |
| CVE-2023-34463 | Unauthorized users can delete applications in DataEase |
| CVE-2023-35037 | WordPress Surfer plugin <= 1.3.2.357 - Broken Access Control vulnerability |
| CVE-2023-35040 | WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability |
| CVE-2023-35045 | WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-35046 | WordPress Dynamic Visibility for Elementor plugin <= 5.0.5 - Broken Access Control vulnerability |
| CVE-2023-35049 | WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-35050 | WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability |
| CVE-2023-35051 | WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2023-35052 | WordPress Directorist plugin <= 7.5.4 - Arbitrary Content Deletion vulnerability |
| CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control |
| CVE-2023-35164 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase |
| CVE-2023-35777 | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability |
| CVE-2023-3587 | Inconsistent state in UI after boards permission change by system admin |
| CVE-2023-35875 | WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2023-35937 | Metersphere missing permission check |
| CVE-2023-35998 | ITM Server Missing Authorization in SOAP Endpoints |
| CVE-2023-36000 | ITM Server Missing Authorization for Agent Config |
| CVE-2023-36002 | ITM Server Missing Authorization for URL validation |
| CVE-2023-36504 | WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2023-36506 | WordPress YITH WooCommerce Waitlist plugin <= 2.13.0 - Broken Access Control vulnerability |
| CVE-2023-36509 | WordPress CHP Ads Block Detector plugin <= 3.9.5 - Broken Access Control vulnerability |
| CVE-2023-36510 | WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability |
| CVE-2023-36512 | WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability |
| CVE-2023-36515 | WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-36516 | WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability |
| CVE-2023-36518 | WordPress Post Hit Counter plugin <= 1.3.2 - Broken Access Control |
| CVE-2023-36519 | WordPress SW Product Bundles plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2023-36526 | WordPress Duplicate Post Page Menu & Custom Post Type plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2023-36528 | WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability |
| CVE-2023-36531 | WordPress LiquidPoll plugin <= 3.3.68 - Broken Access Control vulnerability |
| CVE-2023-36815 | Sealos billing system permission control defect |
| CVE-2023-37394 | WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move |
| CVE-2023-37967 | WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability |
| CVE-2023-37969 | WordPress Checkout with Zelle on Woocommerce plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2023-37971 | WordPress WooCommerce Product Stock Alert plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2023-37984 | WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability |
| CVE-2023-37987 | WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2023-37989 | WordPress Easyship WooCommerce Shipping Rates plugin <= 0.9.0 - Broken Access Control vulnerability |
| CVE-2023-38102 | NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability |
| CVE-2023-38383 | WordPress Language plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-38385 | WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability |
| CVE-2023-38386 | WordPress Ninja Forms plugin <= 3.6.25 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-38393 | WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability |
| CVE-2023-38394 | WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability |
| CVE-2023-38395 | WordPress WP Clone Menu plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2023-38475 | WordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Broken Access Control vulnerability |
| CVE-2023-38477 | WordPress QR code MeCard/vCard generator plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-38479 | WordPress Simple Googlebot Visit plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2023-40203 | WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Broken Access Control |
| CVE-2023-37870 | WordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerability |
| CVE-2023-37872 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability |
| CVE-2023-37885 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2023-37886 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2023-37887 | WordPress WPSchoolPress plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-37890 | WordPress KB Support Plugin <= 1.5.88 is vulnerable to Broken Access Control |
| CVE-2023-39544 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSC... |
| CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability |
| CVE-2023-39922 | WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability |
| CVE-2023-39966 | 1Panel arbitrary file write vulnerability exists in the background |
| CVE-2023-39990 | WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2023-39993 | WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2023-39994 | WordPress ARMember Premium plugin <= 5.9.2 - Broken Access Control |
| CVE-2023-39995 | WordPress Portfolio and Projects plugin <= 1.3.7 - Broken Access Control vulnerability |
| CVE-2023-39996 | WordPress Accordion and Accordion Slider plugin <= 1.2.4 - Broken Access Control |
| CVE-2023-39997 | WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control Vulnerability |
| CVE-2023-38480 | WordPress Booster Elementor Addons plugin <= 1.4.9 - Broken Access Control vulnerability |
| CVE-2023-38483 | WordPress Instant CSS plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2023-38508 | Tuleap allows preview of a linked artifact with a type does not respect permissions |
| CVE-2023-38510 | Tolgee Lacks Permission Check for API Key for some endpoints |
| CVE-2023-38514 | WordPress Social Share Icons & Social Share Buttons plugin <= 3.5.7 - Broken Access Control vulnerability |
| CVE-2023-39167 | SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability |
| CVE-2023-39298 | QTS, QuTS hero |
| CVE-2023-39305 | WordPress Yet Another Stars Rating plugin <= 3.4.3 - Broken Access Control vulnerability |
| CVE-2023-39310 | WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability |
| CVE-2023-39312 | WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability |
| CVE-2023-39438 | Missing Authorization check allows certain operations on CLA Assistant data |
| CVE-2023-40001 | WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability |
| CVE-2023-40003 | WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-40004 | Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins |
| CVE-2023-40005 | WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control |
| CVE-2023-40011 | WordPress Cost Calculator Builder plugin <= 3.1.42 - Broken Access Control vulnerability |
| CVE-2023-40027 | Conditionally missing authorization in @keystone-6/core |
| CVE-2023-41130 | WordPress Premmerce User Roles plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2023-41132 | WordPress Category Slider for WooCommerce plugin <= 1.4.15 - Broken Access Control vulnerability |
| CVE-2023-39998 | WordPress BeTheme theme <= 27.1.1 - Author+ Broken Access Control vulnerability |
| CVE-2023-4059 | Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation |
| CVE-2023-40603 | WordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerability |
| CVE-2023-40608 | WordPress Paid Memberships Pro CCBill Gateway plugin <= 0.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-40625 | Missing Authorization check in SAP Manage Purchase Contracts App |
| CVE-2023-40670 | WordPress ReviewX plugin <= 1.6.17 - Broken Access Control vulnerability |
| CVE-2023-40672 | WordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerability |
| CVE-2023-40678 | WordPress Simple URLs plugin <= 117 - Broken Access Control vulnerability |
| CVE-2023-41046 | Velocity execution without script rights in Xwiki platform |
| CVE-2023-4105 | Attachment of deleted message in a thread remains accessible and downloadable |
| CVE-2023-4106 | A guest user can perform various actions on public playbooks |
| CVE-2023-41296 | Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integri... |
| CVE-2023-41649 | WordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2023-41651 | WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability |
| CVE-2023-41664 | WordPress Easy Newsletter Signups plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2023-41671 | WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-41683 | WordPress TelSender plugin <= 1.14.11 - Broken Access Control + CSRF vulnerability |
| CVE-2023-41688 | WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 1.5 - Broken Access Control vulnerability |
| CVE-2023-41689 | WordPress Post to Google My Business (Google Business Profile) plugin <= 3.1.14 - Broken Access Control vulnerability |
| CVE-2023-41690 | WordPress WiserNotify Social Proof plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-41695 | WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability |
| CVE-2023-42473 | Missing Authorization Check In S/4HANA (Manage Withholding Tax Items) |
| CVE-2023-4302 | Missing permission checks in Fortify Plugin allow capturing credentials |
| CVE-2023-43652 | Non-MFA account takeover via using only SSH public key to login in jumpserver |
| CVE-2023-43700 | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no n... |
| CVE-2023-44142 | WordPress Inactive Logout plugin <= 3.2.2 - Broken Access Control vulnerability |
| CVE-2023-44147 | WordPress Comment Blacklist Updater plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2023-44148 | WordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2023-44149 | WordPress Brands for WooCommerce plugin <= 3.8.2.2 - Broken Access Control vulnerability |
| CVE-2023-44151 | WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2023-44208 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-44210 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-44211 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-44212 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-40209 | WordPress Highcompress Image Compressor plugin <= 6.0.0 - Broken Access Control vulnerability |
| CVE-2023-40213 | WordPress Justified Gallery plugin <= 1.7.3 - Broken Access Control vulnerability |
| CVE-2023-4024 | Radio Player <= 2.0.73 - Missing Authorization to Player Deletion |
| CVE-2023-4025 | Radio Player <= 2.0.73 - Missing Authorization to Player Update |
| CVE-2023-4027 | Radio Player <= 2.0.73 - Missing Authorization to Settings Update |
| CVE-2023-40327 | WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-40331 | WordPress Accordion Slider plugin <= 1.9.6 - Broken Access Control vulnerability |
| CVE-2023-40334 | WordPress HUSKY – Products Filter for WooCommerce Professional plugin <= 1.3.4.2 - Broken Access Control vulnerability |
| CVE-2023-40376 | IBM UrbanCode Deploy (UCD) improper authentication controls |
| CVE-2023-45045 | WordPress WP Custom Widget area plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2023-45061 | WordPress WP Job Openings plugin <= 3.4.1 - Broken Access Control vulnerability |
| CVE-2023-45101 | WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability |
| CVE-2023-45104 | WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-45110 | WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2023-45631 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-4124 | Missing Authorization in answerdev/answer |
| CVE-2023-41240 | WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability |
| CVE-2023-41750 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-41802 | WordPress Super Socializer plugin <= 7.13.54 - Broken Access Control vulnerability |
| CVE-2023-41803 | WordPress BitPay Checkout for WooCommerce plugin <= 4.1.0 - Broken Access Control vulnerability |
| CVE-2023-41805 | Broken Access Control vulnerability in multiple Brainstorm Force plugins |
| CVE-2023-41848 | WordPress Carousel Slider plugin <= 2.2.2 - Broken Access Control vulnerability |
| CVE-2023-41849 | WordPress Posts Like Dislike plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2023-41857 | WordPress Click To Tweet plugin <= 2.0.14 - Broken Access Control vulnerability |
| CVE-2023-41865 | WordPress Slider Pro plugin <= 4.8.6 - Broken Access Control vulnerability |
| CVE-2023-41866 | WordPress Automatic YouTube Gallery plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2023-41869 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.4 - Broken Access Control vulnerability |
| CVE-2023-41870 | WordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2023-41873 | WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability |
| CVE-2023-41875 | WordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2023-41951 | WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability |
| CVE-2023-45633 | WordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerability |
| CVE-2023-45636 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2023-45649 | WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability |
| CVE-2023-45658 | WordPress Nexter theme <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-4700 | Missing Authorization in GitLab |
| CVE-2023-47112 | Authenticated users can view job names and groups they do not have authorization to view in Rundeck |
| CVE-2023-41952 | WordPress Fluent Forms plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2023-41953 | WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability |
| CVE-2023-4198 | Dolibarr ERP CRM (<= 17.0.3) Improper Access Control |
| CVE-2023-46146 | WordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerability |
| CVE-2023-46148 | WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability |
| CVE-2023-46188 | WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-46195 | WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2023-46196 | WordPress Social proof testimonials and reviews by Repuso plugin <= 4.97 - Broken Access Control vulnerability |
| CVE-2023-46203 | WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability |
| CVE-2023-46206 | WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability |
| CVE-2023-46212 | WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control |
| CVE-2023-4630 | Missing Authorization in GitLab |
| CVE-2023-46309 | WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability |
| CVE-2023-46605 | WordPress Convertful – Your Ultimate On-Site Conversion Tool plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-46606 | WordPress AtomChat plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2023-46607 | WordPress WP iCal Availability plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2023-47148 | IBM Storage Protect Plus Server information disclosure |
| CVE-2023-47179 | WordPress WooODT Lite plugin <= 2.4.6 - Arbitrary Site Option Update vulnerability |
| CVE-2023-47180 | WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulner... |
| CVE-2023-47183 | WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability |
| CVE-2023-47187 | WordPress Animated Rotating Words plugin <= 5.4 - Broken Access Control vulnerability |
| CVE-2023-47188 | WordPress Simple Job Board plugin <= 2.10.5 - Broken Access Control vulnerability |
| CVE-2023-44214 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-44227 | WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Arbitrary File Deletion |
| CVE-2023-44234 | WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability |
| CVE-2023-44258 | WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability |
| CVE-2023-4434 | Missing Authorization in hamza417/inure |
| CVE-2023-44472 | WordPress Unyson plugin <= 2.7.28 - Broken Access Control vulnerability |
| CVE-2023-4468 | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization |
| CVE-2023-44988 | WordPress WP Custom Admin Interface plugin <= 7.32 - Broken Access Control vulnerability |
| CVE-2023-45000 | WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Broken Access Control on API vulnerability |
| CVE-2023-45002 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability |
| CVE-2023-45240 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45242 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45243 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45244 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-45245 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45246 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-45247 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-47224 | WordPress WP Travel plugin <= 7.8.0 - Broken Access Control vulnerability |
| CVE-2023-47225 | WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability |
| CVE-2023-47241 | WordPress CoCart – Headless ecommerce plugin <= 3.11.2 - Broken Access Control vulnerability |
| CVE-2023-4730 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint |
| CVE-2023-47515 | WordPress Seers | GDPR & CCPA Cookie Consent & Compliance plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2023-47681 | WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2023-47689 | WordPress Animator plugin <= 3.0.10 - Unauthenticated Plugin Settings Change Vulnerability |
| CVE-2023-47692 | WordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerability |
| CVE-2023-47693 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2023-47694 | WordPress Mini Cart Drawer For WooCommerce plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2023-47698 | WordPress Japanized For WooCommerce plugin <= 2.6.4 - Multiple Broken Access Control vulnerability |
| CVE-2023-47754 | WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control |
| CVE-2023-47756 | WordPress Welcome Email Editor plugin <= 5.0.6 - Broken Access Control vulnerability |
| CVE-2023-47757 | WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control |
| CVE-2023-47760 | WordPress Essential Blocks plugin <= 4.2.0 - Broken Access Control vulnerability |
| CVE-2023-34379 | WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control |
| CVE-2023-34381 | WordPress Zippy plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-34387 | WordPress Constant Contact Forms plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-45760 | WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability |
| CVE-2023-45765 | WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability |
| CVE-2023-45766 | WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability |
| CVE-2023-45828 | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability |
| CVE-2023-4606 | An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. ... |
| CVE-2023-46073 | WordPress DX Delete Attached Media plugin <= 2.0.5.1 - Broken Access Control vulnerability + CSRF |
| CVE-2023-46079 | WordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerability |
| CVE-2023-46080 | WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2023-46082 | WordPress Broken Link Checker | Finder plugin <= 2.4.2 - Broken Access Control vulnerability |
| CVE-2023-46083 | WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability |
| CVE-2023-48375 | SmartStar Software CWS Web-Base - Broken Access Control |
| CVE-2023-48676 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-48683 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-48684 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-48739 | WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability |
| CVE-2023-48740 | WordPress Easy Social Feed plugin <= 6.5.1 - Broken Access Control vulnerability |
| CVE-2023-48750 | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability |
| CVE-2023-48751 | WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control |
| CVE-2023-48758 | WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2023-48759 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability |
| CVE-2023-48760 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-48761 | WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability |
| CVE-2023-48774 | WordPress IdeaPush plugin < 8.58 - Broken Access Control vulnerability |
| CVE-2023-48775 | WordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerability |
| CVE-2023-48776 | WordPress canvasio3D Light plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2023-48779 | WordPress 360 Javascript Viewer plugin <= 1.7.11 - Broken Access Control vulnerability |
| CVE-2023-4895 | Missing Authorization in GitLab |
| CVE-2023-49154 | WordPress Button Generator – easily Button Builder plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2023-49156 | WordPress GoDaddy Email Marketing plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2023-49167 | WordPress Database for CF7 plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2023-49192 | WordPress Enhanced Text Widget plugin <= 1.6.3 - Broken Access Control vulnerability |
| CVE-2023-49193 | WordPress Grow Social plugin <= 1.30.0 - Broken Access Control vulnerability |
| CVE-2023-49196 | WordPress Pagelayer plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2023-49620 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for |
| CVE-2023-49742 | WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulnerability |
| CVE-2023-49754 | WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Broken Access Control vulnerability |
| CVE-2023-49755 | WordPress Elementor Timeline Widget plugin <= 2.2 - Notice Dismissal Vulnerability |
| CVE-2023-49756 | WordPress Eventin plugin <= 3.3.52 - Authenticated Notice Dismissal Vulnerability |
| CVE-2023-49757 | WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability |
| CVE-2023-49758 | WordPress WP Booking System plugin <= 2.0.19.2 - Broken Access Control vulnerability |
| CVE-2023-49817 | WordPress Flexible Woocommerce Checkout Field Editor plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2023-49818 | WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2023-49831 | WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability |
| CVE-2023-49832 | WordPress Site Reviews plugin <= 6.10.2 - Broken Access Control vulnerability |
| CVE-2023-49835 | WordPress Post Duplicator plugin <= 2.31 - Broken Access Control vulnerability |
| CVE-2023-49845 | WordPress Redirects plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-49848 | WordPress Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2023-49849 | WordPress Shortcoder plugin <= 6.3 - Broken Access Control vulnerability |
| CVE-2023-49850 | WordPress WP Simple HTML Sitemap plugin <= 2.7 - Broken Access Control vulnerability |
| CVE-2023-49851 | WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability |
| CVE-2023-49856 | WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability |
| CVE-2023-49857 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability |
| CVE-2023-49858 | WordPress Custom Login plugin <= 4.1.0 - Broken Access Control vulnerability |
| CVE-2023-49859 | WordPress Login With Ajax plugin <= 4.1 - Broken Access Control vulnerability |
| CVE-2023-49861 | WordPress Social Media Feather plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-50373 | WordPress Alt Manager plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2023-50375 | WordPress Translate WordPress – Google Language Translator plugin <= 6.0.19 - Broken Access Control vulnerability |
| CVE-2023-5056 | Skupper-operator: privelege escalation via config map |
| CVE-2023-5061 | Missing Authorization in GitLab |
| CVE-2023-5165 | Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell |
| CVE-2023-51650 | Unauthorized access vulnerability on three interfaces |
| CVE-2023-51670 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerability |
| CVE-2023-51671 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Plugin Settings Change vulnerability |
| CVE-2023-51672 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Unauthenticated Arbitrary Post/Page Deletion vulnerability |
| CVE-2023-51679 | WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2023-51680 | WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2023-51682 | WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2023-51692 | WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control |
| CVE-2023-52117 | WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability |
| CVE-2023-52177 | WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2023-52179 | WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-52183 | WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2023-52186 | WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-52199 | WordPress ActivityPub plugin <= 1.0.5 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-52211 | WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2023-52214 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2023-52217 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability |
| CVE-2023-45271 | WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2023-45272 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability |
| CVE-2023-45275 | WordPress Contact Form builder with drag & drop plugin <= 2.3.28 - Broken Access Control vulnerability |
| CVE-2023-47523 | WordPress Auto Tag Creator plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2023-47557 | WordPress Visitor Traffic Real Time Statistics plugin <= 7.2 - Broken Access Control vulnerability |
| CVE-2023-47647 | WordPress BadgeOS plugin <= 3.7.1.6 - Broken Access Control vulnerability |
| CVE-2023-47648 | WordPress EazyDocs plugin <= 2.3.5 - Broken Access Control vulnerability |
| CVE-2023-47661 | WordPress Dragfy Addons for Elementor plugin <= 1.0.2 - Broken Access Control + CSRF vulnerability |
| CVE-2023-50850 | WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability |
| CVE-2023-50876 | WordPress Molongui plugin <= 4.7.3 - Broken Access Control vulnerability |
| CVE-2023-50877 | WordPress Product Filter by WBW plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2023-50882 | WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability |
| CVE-2023-50884 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2023-50887 | WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2023-50898 | WordPress Image Optimizer, Resizer and CDN – Sirv plugin <= 7.1.2 - Broken Access Control vulnerability |
| CVE-2023-50899 | WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability |
| CVE-2023-50903 | WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2023-50904 | WordPress Poll Maker plugin <= 4.8.0 - Broken Access Control vulnerability |
| CVE-2023-50944 | Apache Airflow: Bypass permission verification to read code of other dags |
| CVE-2023-51353 | WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control vulnerability |
| CVE-2023-51355 | WordPress MultiVendorX plugin <= 4.0.23 - Broken Access Control vulnerability |
| CVE-2023-51357 | WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 -... |
| CVE-2023-51359 | WordPress Essential Blocks plugin <= 4.2.0 - Multiple Contributor+ Broken Access Control vulnerability |
| CVE-2023-51360 | WordPress Essential Blocks plugin <= 4.2.0 - Multiple Subscriber+ Broken Access Control vulnerability |
| CVE-2023-51362 | WordPress myStickyElements plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-51375 | WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability |
| CVE-2023-51376 | WordPress ProjectHuddle Client Site plugin <= 1.0.34 - Broken Access Control vulnerability |
| CVE-2023-51377 | WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-51413 | WordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerability |
| CVE-2023-51418 | WordPress JVM rich text icons plugin <= 1.2.6 - Arbitrary File Deletion vulnerability |
| CVE-2023-51494 | WordPress WooCommerce Product Vendors plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2023-51495 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-51496 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-46608 | WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability |
| CVE-2023-46609 | WordPress FeedFocal plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2023-46610 | WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability |
| CVE-2023-46612 | WordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2023-46616 | WordPress Draw Attention plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2023-46628 | WordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2023-46631 | WordPress Product Recommendation Quiz for eCommerce plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2023-46632 | WordPress My Shortcodes plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2023-46633 | WordPress WP Glossary plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2023-46635 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability |
| CVE-2023-46637 | WordPress Generate Dummy Posts plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2023-46639 | WordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerability |
| CVE-2023-46644 | WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2023-48222 | Authenticated users can view or delete jobs they do not have authorization for in Rundeck |
| CVE-2023-48273 | WordPress Preloader for Website plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-48274 | WordPress WCMultiShipping plugin <= 2.3.5 - Broken Access Control vulnerability |
| CVE-2023-48277 | WordPress Super Progressive Web Apps plugin <= 2.2.21 - Broken Access Control vulnerability |
| CVE-2023-48280 | WordPress Consensu.io plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2023-48286 | WordPress Accept Stripe Payments plugin <= 2.0.79 - Broken Access Control vulnerability |
| CVE-2023-48287 | WordPress TextMe SMS plugin <= 1.9.0 - Broken Access Control vulnerability |
| CVE-2023-48324 | WordPress Awesome Support HelpDesk plugin <= 6.1.4 - Broken Access control vulnerability |
| CVE-2023-48332 | WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 4.0.14 - Broken Access Control vulnerability |
| CVE-2023-5331 | File Information Leak via IDOR in file_id in Draft Posts |
| CVE-2023-5509 | myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion |
| CVE-2023-5525 | Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update |
| CVE-2023-5559 | 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion |
| CVE-2023-5600 | Missing Authorization in GitLab |
| CVE-2023-5611 | Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import |
| CVE-2023-5612 | Missing Authorization in GitLab |
| CVE-2023-5651 | WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2023-6020 | Ray Static File Local File Include |
| CVE-2023-6029 | EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management |
| CVE-2023-52220 | WordPress MonsterInsights plugin <= 8.21.0 - Broken Access Control vulnerability |
| CVE-2023-52224 | WordPress Revolut Gateway for WooCommerce plugin <= 4.9.7 - Broken Access Control vulnerability |
| CVE-2023-52227 | WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2023-52229 | WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2023-52230 | WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability |
| CVE-2023-52232 | WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability |
| CVE-2023-52233 | WordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerability |
| CVE-2023-5321 | Missing Authorization in hamza417/inure |
| CVE-2023-5737 | WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update |
| CVE-2023-5862 | Missing Authorization in hamza417/inure |
| CVE-2023-5905 | DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export |
| CVE-2023-5949 | SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure |
| CVE-2023-7202 | Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending |
| CVE-2023-7203 | Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion |
| CVE-2023-7268 | ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion |
| CVE-2023-7287 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription' |
| CVE-2023-7288 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference' |
| CVE-2023-7289 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys' |
| CVE-2023-51497 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability |
| CVE-2023-51498 | WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2023-51499 | WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2023-51500 | WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability |
| CVE-2023-51507 | WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability |
| CVE-2023-51515 | WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability |
| CVE-2023-51516 | WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnera... |
| CVE-2023-51519 | WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2023-51523 | WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability |
| CVE-2023-51524 | WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability |
| CVE-2023-51526 | WordPress Simple Staff List plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2023-51537 | WordPress Awesome Support plugin <= 6.1.5 - Broken Access Control vulnerability |
| CVE-2023-6257 | Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read |
| CVE-2023-6279 | Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS |
| CVE-2023-6394 | Quarkus: graphql operations over websockets bypass |
| CVE-2023-6554 | Missing authorisation in TCExam |
| CVE-2023-6840 | Missing Authorization in GitLab |
| CVE-2023-7290 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles' |
| CVE-2023-7291 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account' |
| CVE-2023-7292 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss' |
| CVE-2023-7293 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details' |
| CVE-2023-7294 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile' |
| CVE-2023-7306 | Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2023-7317 | Nagios XI < 2024R1 Web SSH Terminal Missing Access Control |
| CVE-2024-0394 | Rapid7 Minerva Armor Privilege Escalation |
| CVE-2024-0779 | Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking |
| CVE-2024-0780 | Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset |
| CVE-2024-0949 | Improper Access Control in Talya Informatics' Elektraweb |
| CVE-2024-10216 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Additio... |
| CVE-2024-10486 | Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion |
| CVE-2023-6038 | Local File Inclusion in h2oai/h2o-3 |
| CVE-2023-6048 | Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update |
| CVE-2023-6066 | WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update |
| CVE-2023-6077 | Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access |
| CVE-2023-6139 | Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update |
| CVE-2024-0122 | NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauth... |
| CVE-2024-0138 | NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit o... |
| CVE-2024-0235 | EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure |
| CVE-2024-0236 | EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure |
| CVE-2024-0237 | EventON (Free < 2.2.9, Premium <= 4.5.8) - Unauthenticated Virtual Event Settings Update |
| CVE-2024-0238 | EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update |
| CVE-2024-0248 | EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management |
| CVE-2024-10272 | Broken Access Control in lunary-ai/lunary |
| CVE-2024-10274 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-10294 | CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change |
| CVE-2024-10326 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets |
| CVE-2023-47761 | WordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.7 - Broken Access Control vulnerability |
| CVE-2023-47762 | WordPress BetterDocs plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2023-47763 | WordPress WP Custom Admin Interface plugin <= 7.31 - Broken Access Control vulnerability |
| CVE-2023-47764 | WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability |
| CVE-2023-47770 | WordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-47771 | WordPress Essential Grid plugin <= 3.0.18 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2024-10527 | Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure |
| CVE-2024-10528 | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update |
| CVE-2024-10529 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Deletion |
| CVE-2024-10530 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Addition |
| CVE-2024-10531 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Update |
| CVE-2024-10532 | Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import |
| CVE-2024-10533 | WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation |
| CVE-2024-10535 | Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion |
| CVE-2024-10536 | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Autho... |
| CVE-2024-10537 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Met... |
| CVE-2024-10542 | Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticate... |
| CVE-2024-10543 | Tumult Hype Animations <= 1.9.14 - Missing Authorization |
| CVE-2024-10567 | TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access |
| CVE-2024-10574 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Creden... |
| CVE-2024-10575 | CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and pote... |
| CVE-2023-6955 | Missing Authorization in GitLab |
| CVE-2024-10003 | Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2024-10008 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization... |
| CVE-2024-10078 | WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2024-10092 | Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation |
| CVE-2024-10363 | Improper Access Control in danny-avila/LibreChat |
| CVE-2024-10390 | Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-10399 | Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure |
| CVE-2024-10402 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contr... |
| CVE-2024-10437 | WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactiv... |
| CVE-2024-10606 | WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update |
| CVE-2024-10614 | Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation |
| CVE-2024-10629 | GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation |
| CVE-2024-10663 | Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submi... |
| CVE-2024-10664 | Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+... |
| CVE-2024-10665 | Yaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/Deletion |
| CVE-2024-10673 | Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
| CVE-2024-10674 | Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
| CVE-2024-10813 | Product Table for WooCommerce by CodeAstrology (wooproducttable.com) <= 3.5.1 - Information Exposure |
| CVE-2024-10824 | Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Acc... |
| CVE-2024-10852 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export |
| CVE-2024-10853 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion |
| CVE-2024-10854 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import |
| CVE-2024-10860 | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation... |
| CVE-2024-10861 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited... |
| CVE-2024-10866 | Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export |
| CVE-2024-10897 | Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation |
| CVE-2024-10579 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure |
| CVE-2024-10580 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission |
| CVE-2024-10582 | Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Te... |
| CVE-2024-10586 | Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation |
| CVE-2024-10588 | Debug Tool <= 2.2 - Missing Authorization to Information Exposure |
| CVE-2024-10589 | Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-10591 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Autho... |
| CVE-2024-11069 | WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion |
| CVE-2024-11085 | WP Log Viewer <= 1.2.1 - Missing Authorization |
| CVE-2024-11104 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart,... |
| CVE-2024-11125 | GetSimpleCMS profile.php cross-site request forgery |
| CVE-2024-11133 | Eventer <= 3.9.9 - Missing Authorization to Unauthenticated Event Ticket Download |
| CVE-2024-11134 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export |
| CVE-2024-11154 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Au... |
| CVE-2024-11194 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary O... |
| CVE-2024-10330 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-10717 | Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license |
| CVE-2024-10728 | PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation |
| CVE-2024-10762 | Missing Authorization in lunary-ai/lunary |
| CVE-2024-10783 | MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation |
| CVE-2024-10786 | Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing |
| CVE-2024-10800 | WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-10802 | Hash Elements <= 1.4.7 - Missing Authorization to Unauthenticated Draft Post Title Exposure |
| CVE-2024-11496 | Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update |
| CVE-2024-11673 | 1000 Projects Bookstore Management System cross-site request forgery |
| CVE-2024-11709 | AI Post Generator | AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion |
| CVE-2024-11715 | WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation |
| CVE-2024-11724 | Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) <= 3.6.5 - Mi... |
| CVE-2024-11725 | SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options... |
| CVE-2024-11743 | SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery |
| CVE-2023-47776 | WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation |
| CVE-2024-11354 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Pla... |
| CVE-2024-11355 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Expos... |
| CVE-2024-11401 | Rapid7 Insight Platform Privilege Escalation Vulnerability |
| CVE-2024-11423 | Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch |
| CVE-2024-11443 | de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11583 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font... |
| CVE-2024-11601 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart,... |
| CVE-2024-11643 | Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update |
| CVE-2024-12071 | Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unaut... |
| CVE-2024-12104 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-12110 | Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation |
| CVE-2024-12113 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missin... |
| CVE-2024-12129 | Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2023-47778 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2024-12155 | SV100 Companion <= 2.0.02 - Missing Authorization to Unuathenticated Arbitrary Options Update |
| CVE-2024-12158 | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table... |
| CVE-2024-12164 | WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+... |
| CVE-2024-12171 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege... |
| CVE-2024-12172 | WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authoriza... |
| CVE-2024-12176 | WordLift – AI powered SEO – Schema <= 3.54.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-12184 | WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download |
| CVE-2024-12190 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2... |
| CVE-2024-12201 | Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation |
| CVE-2024-12202 | Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax |
| CVE-2024-12204 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization |
| CVE-2024-12210 | Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion |
| CVE-2024-12244 | Missing Authorization in GitLab |
| CVE-2024-12249 | GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection |
| CVE-2024-12253 | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscr... |
| CVE-2024-10900 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitra... |
| CVE-2024-11270 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Crea... |
| CVE-2024-11271 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates |
| CVE-2024-11281 | WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change |
| CVE-2024-11323 | AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11334 | My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export |
| CVE-2024-11353 | SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion |
| CVE-2024-11911 | WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation |
| CVE-2024-11916 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Si... |
| CVE-2024-11918 | Image Alt Text <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update |
| CVE-2024-11926 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions |
| CVE-2024-11929 | Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-11936 | Zox News <= 3.16.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11816 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Exe... |
| CVE-2024-11840 | RapidLoad – Optimize Web Vitals Automatically <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings... |
| CVE-2024-11844 | IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion |
| CVE-2024-11848 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-11851 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update |
| CVE-2024-11852 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing... |
| CVE-2024-12259 | CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation |
| CVE-2024-12263 | Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete |
| CVE-2024-12265 | Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure |
| CVE-2024-12266 | ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization |
| CVE-2024-12269 | Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export |
| CVE-2024-12296 | Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options |
| CVE-2024-12300 | AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2024-12316 | Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export |
| CVE-2024-12365 | W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery |
| CVE-2024-12413 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization |
| CVE-2024-12427 | Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2024-12431 | Missing Authorization in GitLab |
| CVE-2024-12535 | Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure |
| CVE-2024-12542 | linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2024-12544 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing... |
| CVE-2024-12553 | GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability |
| CVE-2024-12558 | WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitiv... |
| CVE-2024-12559 | ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal |
| CVE-2024-12594 | ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+)Privilege Escalation |
| CVE-2024-12596 | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) A... |
| CVE-2024-12606 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GP... |
| CVE-2024-12610 | School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-12611 | School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting |
| CVE-2023-47780 | WordPress EasyAzon – Amazon Associates Affiliate Plugin plugin <= 5.1.0 - Broken Access Control vulnerability |
| CVE-2023-47783 | WordPress Thrive Theme Builder theme < 3.24.0 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2024-11972 | Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation |
| CVE-2024-12006 | W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation |
| CVE-2024-12018 | Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion |
| CVE-2024-12026 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation |
| CVE-2024-12027 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions |
| CVE-2024-12028 | Friends <= 3.2.1 - Missing Authorization |
| CVE-2024-12033 | Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync |
| CVE-2024-12711 | RSVP and Event Management <= 2.7.13 - Missing Authorization |
| CVE-2024-12712 | Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates |
| CVE-2024-12713 | SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Discl... |
| CVE-2024-12719 | WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal |
| CVE-2024-12781 | Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content I... |
| CVE-2024-13203 | kurniaramadhan E-Commerce-PHP cross-site request forgery |
| CVE-2023-47788 | WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-47793 | WordPress Acme Fix Images plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2023-47805 | WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability |
| CVE-2023-47807 | WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability |
| CVE-2024-12616 | Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-12617 | WC Price History for Omnibus <= 2.1.3 - Missing Authorization |
| CVE-2024-12618 | Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset |
| CVE-2024-12620 | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthentic... |
| CVE-2024-12920 | FoodBakery | Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions |
| CVE-2024-12922 | Altair <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current |
| CVE-2024-12955 | PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery |
| CVE-2024-13060 | Improper Authorization in mintplex-labs/anything-llm |
| CVE-2024-1307 | Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control |
| CVE-2024-13303 | Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069 |
| CVE-2024-13307 | Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite... |
| CVE-2024-13312 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076 |
| CVE-2024-13316 | Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation |
| CVE-2024-13335 | Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spe... |
| CVE-2024-13358 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authentic... |
| CVE-2023-47820 | WordPress WP Like Button plugin <= 1.7.0 - Broken Access Control vulnerability |
| CVE-2023-47822 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability |
| CVE-2023-47823 | WordPress FormCraft – Contact Form Builder for WordPress plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2023-47826 | WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2023-47828 | WordPress wpMandrill plugin <= 1.33 - Broken Access Control vulnerability |
| CVE-2023-47830 | WordPress Live Preview for Contact Form 7 plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2023-47832 | WordPress SearchIQ plugin <= 4.4 - Broken Access Control vulnerability |
| CVE-2024-13361 | AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-13364 | Raptive Ads <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset |
| CVE-2024-13367 | Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download |
| CVE-2024-13368 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.1 - Missing Authorizati... |
| CVE-2024-13370 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.2 - Missing Authorizati... |
| CVE-2024-13371 | WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending |
| CVE-2024-13374 | WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disc... |
| CVE-2024-1350 | WordPress Honeypot for WP Comment plugin <= 2.2.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-13513 | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation |
| CVE-2024-13520 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.6 - Missing Authorization to Unauthenticated Price, Da... |
| CVE-2024-13526 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event At... |
| CVE-2024-13529 | SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download |
| CVE-2024-13530 | Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subsciber+) Log Deletion and Session Termination |
| CVE-2024-13541 | aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post... |
| CVE-2023-47836 | WordPress WP Meta and Date Remover plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2023-47838 | WordPress Conditional Fields for Contact Form 7 plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2023-47841 | WordPress Analytify plugin <= 5.1.1 - Broken Access Control vulnerability |
| CVE-2024-12327 | LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2024-12331 | File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation |
| CVE-2024-12336 | WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensit... |
| CVE-2024-12341 | Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Crea... |
| CVE-2024-12349 | JFinalCMS save cross-site request forgery |
| CVE-2024-12810 | JobCareer | Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Admin... |
| CVE-2024-12821 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-12822 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2024-12825 | Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates |
| CVE-2024-12826 | GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update |
| CVE-2024-12848 | SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-12855 | AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Atta... |
| CVE-2024-12876 | Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthentica... |
| CVE-2023-47847 | WordPress PayTR Taksit Tablosu plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2023-47849 | WordPress BlossomThemes Email Newsletter plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2023-47870 | WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF) |
| CVE-2024-13231 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update |
| CVE-2024-13232 | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (... |
| CVE-2024-13243 | Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007 |
| CVE-2024-13412 | CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler |
| CVE-2024-13415 | Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+)... |
| CVE-2024-13419 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-13423 | Sparkling <= 2.4.9 - Missing Authorization to Unauthenticated Arbitrary Plugin Activation/Deactivation |
| CVE-2024-13424 | Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update |
| CVE-2024-13439 | Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13447 | WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval |
| CVE-2024-13449 | Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2024-13468 | Trash Duplicate and 301 Redirect <= 1.9 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-13719 | PeproDev Ultimate Invoice <= 2.0.8 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure |
| CVE-2024-13737 | Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post De... |
| CVE-2023-47871 | WordPress Contact Form to Any API plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2023-47874 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control |
| CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability |
| CVE-2024-22151 | WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability |
| CVE-2024-13746 | Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_... |
| CVE-2024-13747 | WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update |
| CVE-2024-13767 | Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-13769 | Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Missing Authorization to Authenticated (Subscriber... |
| CVE-2024-13775 | WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and... |
| CVE-2024-13776 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited... |
| CVE-2024-13780 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary... |
| CVE-2024-13783 | FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php |
| CVE-2024-13800 | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Upd... |
| CVE-2024-13801 | BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update |
| CVE-2024-13810 | Zass - WooCommerce Theme for Handmade Artists and Artisans <= 3.9.9.10 - Missing Authorization to Authenticated (Subscriber+)... |
| CVE-2024-13811 | Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme <= 4.5.7 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-12879 | WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation |
| CVE-2024-12881 | PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscr... |
| CVE-2024-13994 | Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization |
| CVE-2024-1438 | WordPress Rolo Slider plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2024-1539 | Missing Authorization in GitLab |
| CVE-2024-1662 | Information Disclosure in Porty's PowerBank |
| CVE-2024-1744 | IDOR in Ariva Computer's Accord ORS |
| CVE-2024-1798 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml |
| CVE-2024-1804 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml |
| CVE-2024-2035 | Improper Authorization in zenml-io/zenml |
| CVE-2024-20355 | A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Secur... |
| CVE-2024-20413 | Cisco NX-OS Bash Privilege Escalation Vulnerability |
| CVE-2024-20442 | Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability |
| CVE-2024-20477 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability |
| CVE-2024-21630 | Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to |
| CVE-2024-21748 | WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability |
| CVE-2024-21751 | WordPress RabbitLoader plugin <= 2.19.13 - Broken Access Control vulnerability |
| CVE-2024-2292 | Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data |
| CVE-2024-23944 | Apache ZooKeeper: Information disclosure in persistent watcher handling |
| CVE-2024-24703 | WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability |
| CVE-2024-24704 | WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability |
| CVE-2024-13554 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation |
| CVE-2024-13556 | Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated I... |
| CVE-2024-13637 | Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation |
| CVE-2024-13639 | Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion |
| CVE-2024-13643 | Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification |
| CVE-2024-13651 | RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting... |
| CVE-2024-13652 | ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion |
| CVE-2024-13653 | ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Opt... |
| CVE-2024-13654 | ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Opt... |
| CVE-2024-13655 | Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option D... |
| CVE-2024-13656 | Click Mag - Viral WordPress News Magazine/Blog Theme <= 3.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrar... |
| CVE-2024-13677 | GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via... |
| CVE-2024-13686 | VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset |
| CVE-2024-13687 | Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13698 | Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary... |
| CVE-2024-13703 | CRM and Lead Management by vcita <= 2.7.1 - Missing Authorization to Authenticated (Susbcriber+) Widget Toggle |
| CVE-2024-13715 | zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing |
| CVE-2024-13716 | Forex Calculators <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13717 | Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Togg... |
| CVE-2024-24718 | WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability |
| CVE-2024-24719 | WordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerability |
| CVE-2024-24739 | Missing authorization check in SAP BAM (Bank Account Management) |
| CVE-2024-24741 | Missing Authorization check in SAP Master Data Governance Material |
| CVE-2024-24799 | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2024-24805 | WordPress WP Dummy Content Generator plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2024-24822 | Pimcore Admin Classic Bundle permissions are not getting checked when working with tags |
| CVE-2024-24832 | WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability |
| CVE-2024-24833 | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability |
| CVE-2024-24835 | WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2024-24840 | WordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-2882 | Missing Authorization in SDG Technologies PnPSCADA |
| CVE-2024-2906 | WordPress Radio Player plugin <= 2.0.73 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-29228 | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and... |
| CVE-2024-29229 | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 an... |
| CVE-2024-29240 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.... |
| CVE-2024-29241 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-1... |
| CVE-2024-30216 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-30217 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-30234 | WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-30235 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2024-30459 | WordPress AI WP Writer plugin <= 3.6.5 - Broken Access Control vulnerability |
| CVE-2024-30463 | WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability |
| CVE-2024-30464 | WordPress Social Icons Widget & Block by WPZOOM plugin <= 4.2.15 - Broken Access Control vulnerability |
| CVE-2024-30465 | WordPress PageLayer plugin <= 1.8.1 - Broken Access Control vulnerability |
| CVE-2024-30466 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.4 - Broken Access Control vulnerability |
| CVE-2024-30467 | WordPress Essential Blocks plugin <= 4.4.9 - Broken Access Control vulnerability |
| CVE-2024-13816 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.6 - Missing Authorization to Authenticated (Subscriber+) Mu... |
| CVE-2024-23503 | WordPress Ninja Tables plugin <= 5.0.6 - Broken Access Control vulnerability |
| CVE-2024-23504 | WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability |
| CVE-2024-23518 | WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2024-23520 | WordPress PopupAlly plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-23521 | WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability |
| CVE-2024-23524 | WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability |
| CVE-2024-25643 | Missing authorization check in SAP Fiori app (My Overtime Requests) |
| CVE-2024-25907 | WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability |
| CVE-2024-25908 | WordPress WP Media folder plugin <= 5.7.2 - Subscriber+ Arbitrary Post/Page Modification vulnerability |
| CVE-2024-25911 | WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary File Deletion vulnerability |
| CVE-2024-25912 | WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerability |
| CVE-2024-25922 | WordPress Peach Payments Gateway plugin <= 3.1.9 - Broken Access Control vulnerability |
| CVE-2024-25929 | WordPress Product Catalog Mode For Woocommerce plugin <= 5.0.5 - Broken Access Control vulnerability |
| CVE-2024-25935 | WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability |
| CVE-2024-27190 | WordPress Download Media plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2024-27900 | Missing Authorization check in SAP ABAP Platform |
| CVE-2024-27906 | Apache Airflow: Dag Code and Import Error Permissions Ignored |
| CVE-2024-27910 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer witho... |
| CVE-2024-27911 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator... |
| CVE-2024-27939 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arb... |
| CVE-2024-27950 | WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control |
| CVE-2024-27953 | WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control |
| CVE-2024-27970 | WordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2024-28003 | WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2024-28004 | WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability |
| CVE-2024-31230 | WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability |
| CVE-2024-31242 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability |
| CVE-2024-31243 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Setting Deletion vulnerability |
| CVE-2024-31244 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability |
| CVE-2024-31246 | WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulner... |
| CVE-2024-31248 | WordPress All-in-One Video Gallery plugin <= 3.5.2 - Broken Access Control vulnerability |
| CVE-2024-31252 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability |
| CVE-2024-31261 | WordPress Announcer – Notification & message bars plugin <= 6.0 - Broken Access Control vulnerability |
| CVE-2024-31267 | WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability |
| CVE-2024-31270 | WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2024-24710 | WordPress Feed Them Social plugin <= 4.2.0 - Broken Access Control vulnerability |
| CVE-2024-24711 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability |
| CVE-2024-24716 | WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability |
| CVE-2024-24850 | WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability |
| CVE-2024-24883 | WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-2508 | WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification |
| CVE-2024-25092 | WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability |
| CVE-2024-26138 | License information is public, exposing instance id and license holder details |
| CVE-2024-2702 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2024-28167 | Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data) |
| CVE-2024-28215 | nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could... |
| CVE-2024-28216 | nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could... |
| CVE-2024-30505 | WordPress Church Admin plugin <= 4.1.18 - Broken Access Control vulnerability |
| CVE-2024-30508 | WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability |
| CVE-2024-30512 | WordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerability |
| CVE-2024-30515 | WordPress Events Manager plugin <= 6.4.6.4 - Broken Access Control vulnerability |
| CVE-2024-30517 | WordPress Sliced Invoices plugin <= 3.9.2 - Broken Access Control vulnerability |
| CVE-2024-30525 | WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2024-30528 | WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability |
| CVE-2024-30529 | WordPress Tainacan plugin <= 0.20.7 - Broken Access Control vulnerability |
| CVE-2024-30534 | WordPress Calendarista Basic Edition plugin <= 3.0.5 - Broken Access Control vulnerability |
| CVE-2024-30537 | WordPress WPC Badge Management for WooCommerce plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2024-30538 | WordPress DELUCKS SEO plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-30539 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability |
| CVE-2024-30544 | WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability |
| CVE-2024-31098 | WordPress New Order Notification for Woocommerce plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2024-31099 | WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability |
| CVE-2024-32509 | WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability |
| CVE-2024-32515 | WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability |
| CVE-2024-32516 | WordPress Multi Currency For WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability |
| CVE-2024-32517 | WordPress Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin <= 1.4.12 - Broken Access Control vulner... |
| CVE-2024-32518 | WordPress PeproDev Ultimate Invoice plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-32519 | WordPress GG Woo Feed for WooCommerce plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-32520 | WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability |
| CVE-2024-32522 | WordPress Open Close WooCommerce Store plugin <= 4.9.1 - Broken Access Control vulnerability |
| CVE-2024-32524 | WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2024-30470 | WordPress YITH WooCommerce Account Funds Premium plugin <= 1.32.0 - Broken Access Control vulnerability |
| CVE-2024-30477 | WordPress Klarna Payments for WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2024-30484 | WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2024-30485 | WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability |
| CVE-2024-30487 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.1 - Broken Access Control vulnerability |
| CVE-2024-3115 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations |
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters |
| CVE-2024-32081 | WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability |
| CVE-2024-32142 | WordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2024-32143 | WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability |
| CVE-2024-32144 | WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability |
| CVE-2024-32146 | WordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerability |
| CVE-2024-32148 | WordPress Pardot plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-32432 | WordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2024-32455 | WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2024-32466 | Tolgee's API key scopes not checked when querying translation data |
| CVE-2024-32601 | WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability |
| CVE-2024-31273 | WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2024-31274 | WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability |
| CVE-2024-31275 | WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability |
| CVE-2024-31276 | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2024-31281 | WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability |
| CVE-2024-31283 | WordPress Advanced Local Pickup for WooCommerce plugin <=1.6.2 - Broken Access Control vulnerability |
| CVE-2024-31284 | WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability |
| CVE-2024-31294 | WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-31297 | WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability |
| CVE-2024-31304 | WordPress MultiVendorX Marketplace <= 4.1.3 - Broken Access Control vulnerability |
| CVE-2024-31307 | WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability |
| CVE-2024-31342 | WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability |
| CVE-2024-31343 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10.1 - Arbitrary File Download vulnerability |
| CVE-2024-31347 | WordPress Tracking Code Manager plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-31350 | WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2024-31352 | WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability |
| CVE-2024-31358 | WordPress 5 Stars Rating Funnel plugin <= 1.2.67 - Arbitrary Content Deletion vulnerability |
| CVE-2024-32525 | WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability |
| CVE-2024-32532 | WordPress Speed Optimizer plugin <= 7.4.6 - Broken Access Control vulnerability |
| CVE-2024-32589 | WordPress Barcode Scanner and Inventory manager plugin <= 1.5.3 - Broken Access Control to XSS vulnerability |
| CVE-2024-32717 | WordPress SchedulePress plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2024-32719 | WordPress WP Club Manager plugin <= 2.2.11 - Broken Access Control vulnerability |
| CVE-2024-32724 | WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnera... |
| CVE-2024-32725 | WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability |
| CVE-2024-32727 | WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-32730 | Missing authorization check in SAP Enable Now Manager |
| CVE-2024-32731 | Missing Authorization check in SAP My Travel Requests |
| CVE-2024-32776 | WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability |
| CVE-2024-32777 | WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability |
| CVE-2024-32778 | WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability |
| CVE-2024-32779 | WordPress Vision – Image Map Builder plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2024-32783 | WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability |
| CVE-2024-32784 | WordPress CookieHub plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2024-32787 | WordPress Secure Copy Content Protection and Content Locking plugin <= 3.7.1 - Broken Access Control vulnerability |
| CVE-2024-32792 | WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability |
| CVE-2024-32797 | WordPress WP LinkedIn Auto Publish plugin <= 8.11 - Broken Access Control vulnerability |
| CVE-2024-32656 | Ant Media Server vulnerable to local privilege escalation |
| CVE-2024-32675 | WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-32677 | WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability |
| CVE-2024-32678 | WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability |
| CVE-2024-32679 | WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability |
| CVE-2024-32681 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2024-32682 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2024-32684 | WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability |
| CVE-2024-32687 | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability |
| CVE-2024-32688 | WordPress MyRewards plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-32689 | WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability |
| CVE-2024-32691 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability |
| CVE-2024-32692 | WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability |
| CVE-2024-32701 | WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability |
| CVE-2024-32703 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability |
| CVE-2024-32704 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability |
| CVE-2024-32705 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability |
| CVE-2024-32712 | WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability |
| CVE-2024-22156 | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-22296 | WordPress 12 Step Meeting List plugin <= 3.14.28 - Broken Access Control vulnerability |
| CVE-2024-22298 | WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability |
| CVE-2024-33956 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2024-32713 | WordPress AI Post Generator | AutoWriter plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2024-32714 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability |
| CVE-2024-32715 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability |
| CVE-2024-33543 | WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability |
| CVE-2024-33545 | WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-33547 | WordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerability |
| CVE-2024-33555 | WordPress XStore Core plugin <= 5.3.8 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2024-33558 | WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability |
| CVE-2024-33561 | WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-33563 | WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability |
| CVE-2024-33564 | WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability |
| CVE-2024-33565 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerabilit... |
| CVE-2024-33566 | WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability |
| CVE-2024-33570 | WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability |
| CVE-2024-33572 | WordPress The Plus Blocks for Block Editor | Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability |
| CVE-2024-33573 | WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2024-33574 | WordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerability |
| CVE-2024-33576 | WordPress WPPizza plugin <= 3.18.10 - Broken Access Control vulnerability |
| CVE-2024-31359 | WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability |
| CVE-2024-31366 | WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability |
| CVE-2024-31367 | WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability |
| CVE-2024-31368 | WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-31375 | WordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerability |
| CVE-2024-31421 | WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability |
| CVE-2024-31423 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability |
| CVE-2024-31432 | WordPress Restrict Content plugin <= 3.2.8 - Broken Access Control vulnerability |
| CVE-2024-32948 | WordPress ARMember – Membership Plugin plugin <= 4.0.28 - Broken Access Control vulnerability |
| CVE-2024-32951 | WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability |
| CVE-2024-32957 | WordPress Page Builder: Live Composer plugin <= 1.5.38 - Broken Access Control vulnerability |
| CVE-2024-33000 | Missing Authorization check in SAP Bank Account Management |
| CVE-2024-33005 | Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server |
| CVE-2024-3305 | IDOR in Utarit Information's SoliClub |
| CVE-2024-33635 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Arbitrary Post/Page Deletion vulnerability |
| CVE-2024-33636 | WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-33652 | WordPress Client Dash plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2024-32798 | WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability |
| CVE-2024-32799 | WordPress Easy Property Listings plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2024-32802 | WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability |
| CVE-2024-32804 | WordPress WP GoToWebinar plugin <= 14.46 - Broken Access Control vulnerability |
| CVE-2024-32805 | WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2024-32810 | WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-32813 | WordPress Integrate Google Drive plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2024-32814 | WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2024-32818 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2024-32820 | WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerab... |
| CVE-2024-32821 | WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2024-32822 | WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2024-32824 | WordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2024-32826 | WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability |
| CVE-2024-32828 | WordPress Table Rate Shipping Method for WooCommerce by Flexible Shipping plugin <= 4.24.15 - Broken Access Control vulnerabi... |
| CVE-2024-32829 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability |
| CVE-2024-32832 | WordPress Login with Phone Number plugin <= 1.6.93 - Broken Access Control vulnerability |
| CVE-2024-35237 | MIT IdentiBot User-Kerberos Mapping Publicly Available |
| CVE-2024-35628 | WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability |
| CVE-2024-35660 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability |
| CVE-2024-35661 | WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-34371 | WordPress Login with phone number plugin <= 1.7.18 - Broken Access Control vulnerability |
| CVE-2024-34372 | WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability |
| CVE-2024-34377 | WordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2024-34378 | WordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerability |
| CVE-2024-34387 | WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability |
| CVE-2024-34389 | WordPress WP Post Author plugin <= 3.6.4 - Broken Access Control vulnerability |
| CVE-2024-34435 | WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability |
| CVE-2024-34442 | WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2024-34444 | WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-34690 | Missing Authorization check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-34691 | Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) |
| CVE-2024-34753 | WordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerability |
| CVE-2024-34758 | WordPress FundEngine – Donation and Crowdfunding Platform plugin <= 1.6.4 - Broken Access Control vulnerability |
| CVE-2024-34763 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability |
| CVE-2024-34768 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability |
| CVE-2024-34799 | WordPress BookingPress plugin <= 1.0.82 - Appointment Duration Manipulation vulnerability |
| CVE-2024-34802 | WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2024-33585 | WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability |
| CVE-2024-33586 | WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability |
| CVE-2024-33587 | WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2024-33588 | WordPress basepress plugin <= 2.16.1 - Broken Access Control vulnerability |
| CVE-2024-33589 | WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2024-33591 | WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability |
| CVE-2024-33593 | WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability |
| CVE-2024-33594 | WordPress Leaky Paywall plugin <= 4.20.8 - Price Manipulation vulnerability |
| CVE-2024-33595 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-33596 | WordPress Five Star Restaurant Reservations plugin <= 2.6.16 - Broken Access Control vulnerability |
| CVE-2024-33597 | WordPress SSU plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2024-35168 | WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2024-35174 | WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability |
| CVE-2024-36246 | Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code ma... |
| CVE-2024-36326 | Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a stan... |
| CVE-2024-36995 | Low-privileged user could create experimental items |
| CVE-2024-35662 | WordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2024-35663 | WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-35665 | WordPress Insert Post Ads plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2024-34803 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability |
| CVE-2024-34804 | WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability |
| CVE-2024-34813 | WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability |
| CVE-2024-34815 | WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability |
| CVE-2024-34819 | WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability |
| CVE-2024-34820 | WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2024-34821 | WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability |
| CVE-2024-34822 | WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability |
| CVE-2024-34824 | WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability |
| CVE-2024-34826 | WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability |
| CVE-2024-37172 | [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) |
| CVE-2024-37175 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) |
| CVE-2024-37176 | Missing Authorization check in SAP BW/4HANA Transformation and DTP |
| CVE-2024-37201 | WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability |
| CVE-2024-37202 | WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.16 - Broken Access Co... |
| CVE-2024-37203 | WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability |
| CVE-2024-37094 | WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability |
| CVE-2024-37095 | WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability |
| CVE-2024-37096 | WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability |
| CVE-2024-37106 | WordPress WishList Member X plugin < 3.26.7 - Unautenticated Plugin Settings Change Leading to Stored XSS vulnerability |
| CVE-2024-37111 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability |
| CVE-2024-37119 | WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability |
| CVE-2024-37123 | WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability |
| CVE-2024-37254 | WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability |
| CVE-2024-37255 | WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-37269 | WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-37276 | WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability |
| CVE-2024-37296 | Aimeos HTML client vulnerable to digital products download without proper payment status check |
| CVE-2024-37363 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
| CVE-2024-37411 | WordPress Progress Planner plugin <= 0.9.1 - Broken Access Control vulnerability |
| CVE-2024-37415 | WordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerability |
| CVE-2024-37425 | WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability |
| CVE-2024-37427 | WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability |
| CVE-2024-37439 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability |
| CVE-2024-37440 | WordPress Church Admin plugin <= 4.4.4 - Broken Access Control vulnerability |
| CVE-2024-37443 | WordPress WP Job Manager plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-37444 | WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability |
| CVE-2024-37453 | WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.8.7 - Broken Access Control vulnerability |
| CVE-2024-37456 | WordPress Simple Newsletter Plugin – Noptin plugin <= 3.4.2 - Broken Access Control vulnerability |
| CVE-2024-37463 | WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2024-37468 | WordPress Newsmatic theme <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-37470 | WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-37475 | WordPress Newspack Newsletters plugin <= 2.13.2 - Broken Access Control vulnerability |
| CVE-2024-37477 | WordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerability |
| CVE-2024-37481 | WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability |
| CVE-2024-37482 | WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability |
| CVE-2024-37483 | WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability |
| CVE-2024-37505 | WordPress Business One Page theme <= 1.2.9 - Broken Access Control on Notice Dismissal vulnerability |
| CVE-2024-37506 | WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability |
| CVE-2024-37510 | WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability |
| CVE-2024-37921 | WordPress Chained Quiz plugin <= 1.3.2.8 - Broken Access Control vulnerability |
| CVE-2024-37926 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.9 - Broken Access Control vulnerability |
| CVE-2024-37929 | WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability |
| CVE-2024-37930 | WordPress SmartMag theme <= 9.3.0 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-37935 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability |
| CVE-2024-38002 | The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 thro... |
| CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability |
| CVE-2024-38190 | Power Platform Information Disclosure Vulnerability |
| CVE-2024-38690 | WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability |
| CVE-2024-38695 | WordPress WP GoToWebinar plugin <= 15.6 - Broken Access Control vulnerability |
| CVE-2024-38699 | WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability |
| CVE-2024-38702 | WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2024-3932 | Totara LMS User Selector cross-site request forgery |
| CVE-2024-39546 | Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation |
| CVE-2024-39591 | Missing Authorization check in SAP Document Builder |
| CVE-2024-39592 | [CVE-2024-39592] Missing Authorization check in SAP PDCE |
| CVE-2024-39596 | [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now |
| CVE-2024-39625 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability |
| CVE-2024-39635 | WordPress Youzify plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-39640 | WordPress Social Feed Gallery plugin <= 4.3.9 - Broken Access Control vulnerability |
| CVE-2024-39650 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities |
| CVE-2024-39654 | WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability |
| CVE-2024-39664 | WordPress Filter & Grids plugin <= 2.8.32 - Broken Authentication vulnerability |
| CVE-2024-3976 | Missing Authorization in GitLab |
| CVE-2024-39823 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-39824 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-4138 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
| CVE-2024-4139 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
| CVE-2024-41728 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-33684 | WordPress Save as PDF plugin by Pdfcrowd plugin <= 3.2.0 - Broken Access Control to Stored XSS vulnerability |
| CVE-2024-33686 | Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes |
| CVE-2024-33907 | WordPress Print My Blog plugin <= 3.26.2 - Broken Access Control vulnerability |
| CVE-2024-33908 | WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2024-33910 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2024-33912 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability |
| CVE-2024-33914 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability |
| CVE-2024-33915 | WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-33919 | WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2024-33920 | WordPress Democracy Poll plugin <= 6.0.3 - Broken Access Control vulnerability |
| CVE-2024-33923 | WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability |
| CVE-2024-33925 | WordPress Embed Google Fonts plugin <= 3.1.0 - Broken Access Control vulnerability |
| CVE-2024-33929 | WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability |
| CVE-2024-33931 | WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2024-33937 | WordPress Progressive WordPress (PWA) plugin <= 2.1.13 - Broken Access Control vulnerability |
| CVE-2024-33938 | WordPress Sliding Widgets plugin <= 1.5.0 - Broken Access Control to XSS vulnerability |
| CVE-2024-33941 | WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability |
| CVE-2024-33942 | WordPress Google Typography plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-33944 | WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerabilit... |
| CVE-2024-37516 | WordPress Featured Image from URL (FIFU) plugin <= 4.8.2 - Broken Access Control vulnerability |
| CVE-2024-37517 | WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability |
| CVE-2024-37542 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2024-37544 | WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability |
| CVE-2024-3761 | Missing Authorization on Delete Datasets in lunary-ai/lunary |
| CVE-2024-37898 | XWiki Platform vulnerable to document deletion and overwrite from edit |
| CVE-2024-37901 | XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet |
| CVE-2024-37903 | Mastodon has improper authorship check on audience extension for existing posts |
| CVE-2024-38353 | CodiMD - Missing Image Access Controls and Unauthorized Image Access |
| CVE-2024-38707 | WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability |
| CVE-2024-38714 | WordPress WP Fast Total Search <= 1.68.232 - Broken Access Control vulnerability |
| CVE-2024-38719 | WordPress Auto Featured Image plugin <= 4.1.2 - Broken Access Control vulnerability |
| CVE-2024-38721 | WordPress EazyDocs plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2024-38726 | WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability |
| CVE-2024-38727 | WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Broken Access Control vulnerability |
| CVE-2024-38733 | WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2024-38737 | WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability |
| CVE-2024-38740 | WordPress Packlink PRO shipping module plugin <= 3.4.6 - Broken Access Control vulnerability |
| CVE-2024-38743 | WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2024-38744 | WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerability |
| CVE-2024-38745 | WordPress Wholesale Suite plugin <= 2.1.12 - Broken Access Control vulnerability |
| CVE-2024-38748 | WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability |
| CVE-2024-38769 | WordPress Arconix Shortcodes plugin <= 2.1.11 - Broken Access Control vulnerability |
| CVE-2024-38771 | WordPress Atarim plugin <= 4.0 - Broken Access Control vulnerability |
| CVE-2024-38774 | WordPress Security Optimizer plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2024-38777 | WordPress Titan Anti-spam & Security plugin <= 7.3.6 - Broken Access Control vulnerability |
| CVE-2024-38783 | WordPress Arconix FAQ plugin <= 1.9.4 - Broken Access Control vulnerability |
| CVE-2024-38792 | WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability |
| CVE-2024-38794 | WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability |
| CVE-2024-41734 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2024-42035 | Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect... |
| CVE-2024-4233 | Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares |
| CVE-2024-42371 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-42372 | Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) |
| CVE-2024-42373 | Missing Authorization Check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-42376 | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework |
| CVE-2024-42377 | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework |
| CVE-2024-42380 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-42434 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-42470 | CometVisu Backend for openHAB has a sensitive information disclosure vulnerability |
| CVE-2024-4259 | Sensetive Data Exposure in SAMPAS's AKOS |
| CVE-2024-43118 | WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability |
| CVE-2024-43119 | WordPress Aruba HiSpeed Cache plugin <= 2.0.12 - Broken Access Control vulnerability |
| CVE-2024-43120 | WordPress TypeSquare Webfonts plugin <= 2.0.7 - Broken Access Control vulnerability |
| CVE-2024-43122 | WordPress Robin image optimizer plugin <= 1.6.9 - Broken Access Control vulnerability |
| CVE-2024-43134 | WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2024-43136 | WordPress Sunshine Photo Cart plugin <= 3.2.1 - Broken Access Control vulnerability |
| CVE-2024-43142 | WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability |
| CVE-2024-43143 | WordPress Registrations for the Events Calendar plugin <= 2.12.1 - Broken Access Control vulnerability |
| CVE-2024-37204 | WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability |
| CVE-2024-37207 | WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-37209 | WordPress User Rights Access Manager plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-37214 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control to XSS vulnerability |
| CVE-2024-37218 | WordPress Page Builder Sandwich <= 5.1.0 - Broken Access Control vulnerability |
| CVE-2024-37220 | WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability |
| CVE-2024-37226 | WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Broken Access Control vulnerability |
| CVE-2024-37232 | WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability |
| CVE-2024-37249 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability |
| CVE-2024-37250 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability |
| CVE-2024-43247 | WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability |
| CVE-2024-43253 | WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability |
| CVE-2024-43254 | WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability |
| CVE-2024-43256 | WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability |
| CVE-2024-43260 | WordPress Clearfy Cache plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2024-43268 | WordPress Backup and Restore WordPress plugin <= 1.50 - Broken Access Control vulnerability |
| CVE-2024-43270 | WordPress Backup and Restore WordPress plugin <= 1.50 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-43273 | WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability |
| CVE-2024-43274 | WordPress JS Help Desk – The Ultimate Help Desk plugin <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2024-43277 | WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability |
| CVE-2024-43285 | WordPress Presto Player plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2024-43290 | WordPress Atarim plugin <= 4.0.1 - Broken Access Control vulnerability |
| CVE-2024-43293 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability |
| CVE-2024-43296 | WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability |
| CVE-2024-43297 | WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2024-43298 | WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2024-43302 | WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability |
| CVE-2024-43310 | WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broke... |
| CVE-2024-43312 | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability |
| CVE-2024-43314 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.9.3 - Broken Access Control vulnerability |
| CVE-2024-43323 | WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability |
| CVE-2024-43326 | WordPress Plugin Notes Plus plugin <= 1.2.7 - Arbitrary Content Deletion vulnerability |
| CVE-2024-43331 | WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability |
| CVE-2024-43332 | WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability |
| CVE-2024-43341 | WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2024-43343 | WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability |
| CVE-2024-43939 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability |
| CVE-2024-43940 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-43956 | WordPress MemberPress plugin <= 1.11.34 - Broken Access Control vulnerability |
| CVE-2024-43962 | WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability |
| CVE-2024-43968 | WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability |
| CVE-2024-43973 | WordPress Payment forms, Buy now buttons and Invoicing System plugin <= 2.8.11 - Broken Access Control vulnerability |
| CVE-2024-43974 | WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-43979 | WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2024-43980 | WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2024-43981 | WordPress GeoDirectory plugin <= 2.3.70 - Broken Access Control vulnerability |
| CVE-2024-41729 | Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) |
| CVE-2024-41730 | Missing Authentication check in SAP BusinessObjects Business Intelligence Platform |
| CVE-2024-43355 | WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-4341 | IDOR in ExtremePacs's Extreme XDS |
| CVE-2024-43662 | Authenticated arbitrary file upload to /tmp/ and /tmp/upload/ |
| CVE-2024-43919 | WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability |
| CVE-2024-43923 | WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability |
| CVE-2024-43924 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability |
| CVE-2024-43925 | WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability |
| CVE-2024-43928 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-43929 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-43932 | WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability |
| CVE-2024-43937 | WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability |
| CVE-2024-44112 | Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution) |
| CVE-2024-44113 | Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer) |
| CVE-2024-44115 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44116 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44117 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-4428 | Sensetive Data Exposure in Menulux Managment Portal |
| CVE-2024-45050 | Ringer Server Does Not Check Members When Loading Messages |
| CVE-2024-4520 | Improper Access Control in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-45284 | Missing authorization check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-45285 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-45286 | Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) |
| CVE-2024-45307 | SudoBot missing authorization check in `-config` command |
| CVE-2024-45393 | Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries |
| CVE-2024-45461 | Apache CloudStack Quota plugin: Access checks not enforced in Quota |
| CVE-2024-45591 | XWiki Platform document history including authors of any page exposed to unauthorized actors |
| CVE-2024-45732 | Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app |
| CVE-2024-45760 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remot... |
| CVE-2024-47302 | WordPress Fluent Support plugin <= 1.8.0 - Broken Access Control on Email Verification vulnerability |
| CVE-2024-47308 | WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2024-47311 | WordPress Wheel of Life plugin <= 1.1.8 - Broken Access Control vulnerability |
| CVE-2024-47314 | WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability |
| CVE-2024-47317 | WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability |
| CVE-2024-47318 | WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability |
| CVE-2024-47321 | WordPress WP Datepicker plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2024-47330 | Broken Access Control vulnerability on multiple WordPress plugins by Supsystic |
| CVE-2024-47337 | WordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-47358 | WordPress Popup Maker plugin <= 1.19.2 - Broken Access Control vulnerability |
| CVE-2024-47359 | WordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerability |
| CVE-2024-47361 | WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability |
| CVE-2024-47362 | WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability |
| CVE-2024-4744 | WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2024-4745 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability |
| CVE-2024-4746 | WordPress Netgsm plugin <= 2.9.16 - Broken Access Control vulnerability |
| CVE-2024-47581 | Missing Authorization check in SAP HCM (Approve Timesheets version 4) |
| CVE-2024-47585 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-47587 | Missing authorization check in SAP Cash Management (Cash Operations) |
| CVE-2024-48039 | WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.15 - Broken Access Control vulnerability |
| CVE-2024-48044 | WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability |
| CVE-2024-48045 | WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability |
| CVE-2024-49273 | WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49293 | WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability |
| CVE-2024-49581 | Access control issue impacting RV backed objects |
| CVE-2024-49596 | Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attac... |
| CVE-2024-49657 | WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-49680 | WordPress wpvr plugin <= 8.5.5 - Broken Access Control vulnerability |
| CVE-2024-49683 | WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability |
| CVE-2024-49686 | WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability |
| CVE-2024-49687 | WordPress Smart Manager plugin <= 8.45.0 - Broken Access Control vulnerability |
| CVE-2024-43146 | WordPress Accelerated Mobile Pages plugin <= 1.0.96.1 - Broken Access Control vulnerability |
| CVE-2024-43154 | WordPress Advanced Cron Manager – debug & control plugin <= 2.5.9 - Broken Access Control vulnerability |
| CVE-2024-43157 | WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability |
| CVE-2024-43158 | WordPress Masteriyo LMS plugin <= 1.11.4 - Broken Access Control vulnerability |
| CVE-2024-43159 | WordPress Masteriyo LMS plugin <= 1.11.6 - Broken Access Control vulnerability |
| CVE-2024-43162 | WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability |
| CVE-2024-4317 | PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks |
| CVE-2024-43208 | WordPress Send Emails with Mandrill plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2024-43209 | WordPress Bitly's WordPress Plugin plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2024-43212 | WordPress WpTravelly plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2024-43214 | WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure via BAC vulnerability |
| CVE-2024-43215 | WordPress Social Slider Feed plugin <= 2.2.2 - Broken Access Control vulnerability |
| CVE-2024-43219 | WordPress Persian WooCommerce plugin <= 7.1.6 - Broken Access Control vulnerability |
| CVE-2024-43222 | WordPress Sweet Date - More than a Wordpress Dating Theme theme <= 3.7.3 - Privilege Escalation vulnerability |
| CVE-2024-43223 | WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability |
| CVE-2024-43229 | WordPress WP Search Analytics plugin <= 1.4.9 - Broken Access Control vulnerability |
| CVE-2024-43982 | WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability |
| CVE-2024-43998 | WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2024-44006 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability |
| CVE-2024-44019 | WordPress Contact Form 7 Campaign Monitor Extension plugin <= 0.4.67 - Arbitrary File Deletion vulnerability |
| CVE-2024-44020 | WordPress WP Free SSL plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-44021 | WordPress Truepush plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2024-44031 | WordPress JoomSport plugin <= 5.6.3 - Broken Access Control vulnerability |
| CVE-2024-44038 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability |
| CVE-2024-44052 | WordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2024-4410 | IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization |
| CVE-2024-4660 | Missing Authorization in GitLab |
| CVE-2024-47055 | Segment cloning doesn't have a proper permission check |
| CVE-2024-47790 | Missing Authorization Vulnerability |
| CVE-2024-4888 | Arbitrary File Deletion in BerriAI/litellm |
| CVE-2024-48898 | Moodle: some users can delete audiences of other reports |
| CVE-2024-49321 | WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability |
| CVE-2024-49325 | WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2024-49367 | Nginx UI's log path can be controlled |
| CVE-2024-50052 | Arbitrary post deletion via Playbooks /ignore-thread endpoint |
| CVE-2024-51516 | Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause featur... |
| CVE-2024-51651 | WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2024-51660 | WordPress Easy Accordion Gutenberg Block plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2024-51666 | WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2024-51667 | WordPress Paytium plugin <= 4.4.10 - Broken Access Control vulnerability |
| CVE-2024-51671 | WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2024-52416 | WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability |
| CVE-2024-5248 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-52480 | WordPress Jobify plugin <= 4.2.3 - Broken Access Control vulnerability |
| CVE-2024-52485 | WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2024-53708 | WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2024-54217 | WordPress ARForms plugin <= 6.4.1 - Plugin Settings Change vulnerability |
| CVE-2024-54218 | WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-49689 | WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability |
| CVE-2024-49694 | WordPress My Wp Brand – Hide menu & Hide Plugin plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-49697 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability |
| CVE-2024-49698 | WordPress Great Restaurant Menu WP plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2024-50417 | WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability |
| CVE-2024-50421 | WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 3.8.6 - Broken Access Control vulnerability |
| CVE-2024-50422 | WordPress Breeze plugin <= 2.1.14 - Broken Access Control vulnerability |
| CVE-2024-50423 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2024-50424 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2024-50428 | WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability |
| CVE-2024-50454 | WordPress SEOPress plugin <= 8.1.1 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-50455 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2024-50456 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2024-50459 | WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2024-50475 | WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-50476 | WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-50490 | WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-43235 | WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability |
| CVE-2024-50500 | WordPress Phlox Core Elements plugin <= 2.17.2 - Broken Access Control vulnerability |
| CVE-2024-5126 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-5127 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-5129 | Privilege Escalation Vulnerability in lunary-ai/lunary |
| CVE-2024-5130 | Incorrect Authorization in lunary-ai/lunary |
| CVE-2024-51817 | WordPress Combo WP Rewrite Slugs plugin <= 1.0 - Settings Change vulnerability |
| CVE-2024-52382 | WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-52383 | WordPress Ai Auto Tool Content Writing Assistant plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2024-52391 | WordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerability |
| CVE-2024-52395 | WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability |
| CVE-2024-52500 | WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2024-54354 | WordPress Termin-Kalender plugin <= 0.99.47 - Broken Access Control vulnerability |
| CVE-2024-54359 | WordPress Banner System plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2024-54369 | WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability |
| CVE-2024-54378 | WordPress Quietly Insights plugin <= 1.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-54379 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-35667 | WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability |
| CVE-2024-35669 | WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-54227 | WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-54239 | WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-54241 | WordPress Elite Notification plugin 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54242 | WordPress Simple Notification plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2024-54251 | WordPress Prodigy Commerce plugin <= 3.0.9 - Broken Access Control vulnerability |
| CVE-2024-54252 | WordPress Pinpoint Booking System Plugin <= 2.9.9.5.6 - Broken Access Control vulnerability |
| CVE-2024-54254 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerability |
| CVE-2024-54256 | WordPress Easy Blocks pro plugin <= 1.0.21 - Broken Access Control vulnerability |
| CVE-2024-54267 | WordPress CM Answers plugin <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2024-54268 | WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability |
| CVE-2024-54269 | WordPress Notibar plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2024-54271 | WordPress WPCargo Track & Trace plugin <= 7.0.6 - Settings Change vulnerability |
| CVE-2024-54278 | WordPress News Ticker for Elementor plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2024-54289 | WordPress Awesome Support plugin <= 6.3.0 - Broken Access Control vulnerability |
| CVE-2024-54298 | WordPress Car Dealer plugin <= 4.46 - Broken Access Control vulnerability |
| CVE-2024-5309 | Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions |
| CVE-2024-5318 | Missing Authorization in GitLab |
| CVE-2024-53258 | download_all_submissions allows student to download another student's submissions in Autolab |
| CVE-2024-53298 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. A... |
| CVE-2024-53784 | WordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.9 - Broken Access Control vulnerability |
| CVE-2024-53785 | WordPress Chatter plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-53795 | WordPress Church Admin plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2024-53798 | WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability |
| CVE-2024-53799 | WordPress FloristPress plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2024-53803 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability |
| CVE-2024-53805 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability |
| CVE-2024-53806 | WordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerability |
| CVE-2024-53810 | WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability |
| CVE-2024-53813 | WordPress wp-travel plugin <= 9.6.0 - Broken Access Control vulnerability |
| CVE-2024-53816 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2024-54381 | WordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerability |
| CVE-2024-54384 | WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2024-54402 | WordPress Arabic Webfonts plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2024-54417 | WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2024-55408 | An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizin... |
| CVE-2024-5570 | Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update |
| CVE-2024-55876 | XWiki's scheduler in subwiki allows scheduling operations for any main wiki user |
| CVE-2024-55879 | XWiki allows RCE from script right in configurable sections |
| CVE-2024-55991 | WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability |
| CVE-2024-55992 | WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability |
| CVE-2024-55993 | WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control vulnerability |
| CVE-2024-55994 | WordPress 畅言评论系统 plugin <= 2.0.5 - Broken Access Control vulnerability |
| CVE-2024-55995 | WordPress Torod plugin <= 1.7 - Settings Change vulnerability |
| CVE-2024-55996 | WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability |
| CVE-2024-55997 | WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability |
| CVE-2024-35671 | WordPress MJ Update History plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2024-35672 | WordPress Netgsm plugin <= 2.9.19 - Broken Access Control vulnerability |
| CVE-2024-35674 | WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability |
| CVE-2024-35683 | WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability |
| CVE-2024-35685 | WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability |
| CVE-2024-54310 | WordPress Gou Manage My Account Menu plugin <= 1.0.1.8 - Broken Access Control vulnerability |
| CVE-2024-54311 | WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability |
| CVE-2024-54323 | WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability |
| CVE-2024-54326 | WordPress GEO my WP plugin <= 4.5.0.4 - Broken Access Control vulnerability |
| CVE-2024-56031 | WordPress Smart Shopify Product plugin <= 1.0.2 - Arbitrary Content Deletion vulnerability |
| CVE-2024-56048 | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-56061 | WordPress RepairBuddy plugin <= 3.8119 - Account Takeover vulnerability |
| CVE-2024-56066 | WordPress Agency Toolkit plugin <= 1.0.23 - Privilege Escalation vulnerability |
| CVE-2024-56067 | WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Backup File Download Vulnerability |
| CVE-2024-56070 | WordPress WP SuperBackup plugin <= 2.3.3 - Multiple Subscriber+ Broken Access Control vulnerabilities |
| CVE-2024-56211 | WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability |
| CVE-2024-56215 | WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability |
| CVE-2024-56217 | WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability |
| CVE-2024-56219 | WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability |
| CVE-2024-56225 | WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability |
| CVE-2024-56227 | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability |
| CVE-2024-35686 | WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability |
| CVE-2024-35692 | WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability |
| CVE-2024-35716 | WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability |
| CVE-2024-53819 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.0 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-53825 | WordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerability |
| CVE-2024-53826 | WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-54020 | A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an... |
| CVE-2024-56234 | WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability |
| CVE-2024-56236 | WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56238 | WordPress Floating Action Buttons plugin <= 0.9.1 - Broken Access Control vulnerability |
| CVE-2024-56243 | WordPress WPSSO Core plugin <= 18.18.1 - Broken Access Control vulnerability |
| CVE-2024-56244 | WordPress Ashe Extra plugin <= 1.2.92 - Broken Access Control vulnerability |
| CVE-2024-56253 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.36 - Broken Access Control vulnerability |
| CVE-2024-56255 | WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability |
| CVE-2024-56266 | WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability |
| CVE-2024-56270 | WordPress WP SecureSubmit plugin <= 1.5.16 - Sensitive Data Exposure vulnerability |
| CVE-2024-56271 | WordPress WP SecureSubmit plugin <= 1.5.16 - Broken Access Control vulnerability |
| CVE-2024-56272 | WordPress Hide Category by User Role for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2024-55998 | WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability |
| CVE-2024-55999 | WordPress XML Multilanguage Sitemap Generator plugin <= 2.0.6 - Broken Access Control vulnerability |
| CVE-2024-56001 | WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2024-56002 | WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2024-56003 | WordPress Caldera SMTP Mailer plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-56004 | WordPress Easy Site Importer plugin <= 1.0.1 - Settings Change vulnerability |
| CVE-2024-56006 | WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability |
| CVE-2024-56007 | WordPress Leader plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2024-56008 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Arbitrary Content Deletion vulnerability |
| CVE-2024-56009 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2024-5685 | Broken Function Level Authorization (BFLA) in snipe/snipe-it |
| CVE-2024-5710 | Improper Access Control in Team Management in berriai/litellm |
| CVE-2024-5769 | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update |
| CVE-2024-5784 | Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2024-5820 | Unprotected WebSocket in stitionai/devika |
| CVE-2024-5857 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authoriz... |
| CVE-2024-5861 | WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection |
| CVE-2024-5899 | Improper trust check in Bazel Build intellij plugin |
| CVE-2024-5939 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure |
| CVE-2024-5940 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update |
| CVE-2024-35717 | WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2024-35720 | WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2024-35721 | WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2024-35722 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2024-6071 | PTC Creo Elements/Direct License Server Missing Authorization |
| CVE-2024-6155 | Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Re... |
| CVE-2024-6303 | Missing Authorization in Conduit |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive I... |
| CVE-2024-6366 | User Profile Builder < 3.11.8 - Unauthenticated Media Upload |
| CVE-2024-6406 | Sensetive Data Exposure in Yordam Information Technology's Mobile Library Application |
| CVE-2024-6590 | Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Googl... |
| CVE-2024-6591 | Ultimate WordPress Auction Plugin <= 4.2.6 - Missing Authorization to Unauthenticated Email Creation |
| CVE-2024-6626 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization |
| CVE-2024-6631 | ImageRecycle pdf & image compression <= 3.1.14 - Missing Authorization in Several AJAX Actions |
| CVE-2024-6636 | WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation |
| CVE-2024-6688 | Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update |
| CVE-2024-6698 | FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-6709 | Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update |
| CVE-2024-6869 | Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure |
| CVE-2024-6872 | Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor... |
| CVE-2024-6883 | Event Espresso 4 Decaf – Event Registration Event Ticketing <= 5.0.22.decaf - Authenticated (Subscriber+) Missing Authorizati... |
| CVE-2024-6987 | Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation |
| CVE-2024-7258 | WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion |
| CVE-2024-7605 | HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update |
| CVE-2024-7621 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-7622 | Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending |
| CVE-2024-7648 | Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure |
| CVE-2024-7714 | AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls |
| CVE-2024-7721 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limit... |
| CVE-2024-7727 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_... |
| CVE-2024-8001 | VIWIS LMS Print authorization |
| CVE-2024-8042 | Rapid7 Insight Platform Unauthorized Empty Group Creation |
| CVE-2024-8074 | Sensetive Data Exposure in Nomysoft Informatics' Nomysem |
| CVE-2024-8102 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-8369 | EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure |
| CVE-2024-5941 | GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited Fi... |
| CVE-2024-5987 | WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update |
| CVE-2024-5997 | Duplica <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users/Posts Duplicates Creation |
| CVE-2024-6458 | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-6489 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update |
| CVE-2024-6491 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update |
| CVE-2024-6500 | InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Del... |
| CVE-2024-6750 | Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions |
| CVE-2024-6754 | Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_p... |
| CVE-2024-6755 | Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-6799 | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install... |
| CVE-2024-6805 | Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources |
| CVE-2024-6806 | Missing Authorization Checks In NI VeriStand Gateway For Project Resources |
| CVE-2024-6824 | Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion an... |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Cli... |
| CVE-2024-6846 | SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge |
| CVE-2024-7380 | Geo Controller <= 8.6.9 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion |
| CVE-2024-7381 | Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution |
| CVE-2024-7390 | WP Testimonial Widget <= 3.0 - Missing Authorization |
| CVE-2024-7447 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authoriz... |
| CVE-2024-56273 | WordPress WPvivid Backup plugin <= 0.9.106 - Broken Access Control vulnerability |
| CVE-2024-56276 | WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability |
| CVE-2024-56294 | WordPress Nexter Blocks plugin <= 4.0.7 - Broken Access Control vulnerability |
| CVE-2024-56295 | WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability |
| CVE-2024-7030 | Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update |
| CVE-2024-7031 | File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update |
| CVE-2024-7032 | Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion |
| CVE-2024-7043 | Improper Access Control in open-webui/open-webui |
| CVE-2024-7045 | Improper Access Control in open-webui/open-webui |
| CVE-2024-7046 | Improper Access Control in open-webui/open-webui |
| CVE-2024-7135 | Tainacan <= 0.21.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2024-8114 | Missing Authorization in GitLab |
| CVE-2024-8121 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change |
| CVE-2024-8195 | Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2024-8199 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Auth... |
| CVE-2024-8513 | QA Analytics <= 4.1.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-8548 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple... |
| CVE-2024-8552 | Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missi... |
| CVE-2024-8860 | Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions |
| CVE-2024-8999 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-9161 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Met... |
| CVE-2024-9187 | Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion |
| CVE-2024-9189 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization |
| CVE-2024-9195 | WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-9202 | EDC DataSetResolver policy filtering missing |
| CVE-2024-9223 | WPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
| CVE-2024-9234 | GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload |
| CVE-2024-9361 | Bulk images optimizer: Resize, optimize, convert to webp, rename ... <= 2.0.1 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-9364 | SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion |
| CVE-2024-9520 | UserPlus <= 2.0 - Missing Authorization via Multiple Functions |
| CVE-2024-9578 | Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution |
| CVE-2024-7475 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-7491 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe |
| CVE-2024-7767 | Improper Access Control in danswer-ai/danswer |
| CVE-2024-7786 | Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak |
| CVE-2024-7856 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscr... |
| CVE-2024-7858 | Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions |
| CVE-2024-7888 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization |
| CVE-2024-7894 | If Menu <= 0.19.1 - Missing Authorization to License Key Update |
| CVE-2024-8272 | macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation |
| CVE-2024-8289 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor P... |
| CVE-2024-8349 | Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation |
| CVE-2024-8350 | Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add |
| CVE-2024-9000 | Improper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunary |
| CVE-2024-9025 | Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handle... |
| CVE-2024-9065 | WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test |
| CVE-2024-9067 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorizati... |
| CVE-2024-8427 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (... |
| CVE-2024-8430 | Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import |
| CVE-2024-8431 | Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private G... |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+)... |
| CVE-2024-8434 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Upd... |
| CVE-2024-8437 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulati... |
| CVE-2024-8480 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Uploa... |
| CVE-2024-8632 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure |
| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce... |
| CVE-2024-8667 | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authent... |
| CVE-2024-8675 | Soumettre.fr <= 2.1.2 - Missing Authorization |
| CVE-2024-8678 | Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update |
| CVE-2024-8682 | JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration |
| CVE-2024-8700 | Event Calendar <= 1.0.4 - Unauthenticated Arbitrary Calendar Deletion |
| CVE-2024-9756 | Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File U... |
| CVE-2024-9824 | ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post T... |
| CVE-2024-9829 | Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download |
| CVE-2024-9860 | Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import |
| CVE-2024-9891 | Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation |
| CVE-2025-0515 | Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscr... |
| CVE-2025-0856 | PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions |
| CVE-2025-0935 | Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change |
| CVE-2025-0939 | MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization |
| CVE-2025-0951 | LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated |
| CVE-2025-0952 | Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Op... |
| CVE-2025-10173 | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Aut... |
| CVE-2025-10184 | OnePlus OxygenOS Telephony provider permission bypass |
| CVE-2025-10186 | WhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.14 - Missing Authorization to Unauthenticated wp_wdplugin_... |
| CVE-2025-1021 | Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and... |
| CVE-2024-9583 | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization |
| CVE-2024-9584 | Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete |
| CVE-2024-9586 | Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update |
| CVE-2024-9587 | Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX |
| CVE-2024-9626 | Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post F... |
| CVE-2024-9628 | WPS Telegram Chat <= 4.5.4 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API |
| CVE-2024-9629 | Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse |
| CVE-2024-9630 | WPS Telegram Chat <= 4.5.4 - Missing Authorization to Information Exposure |
| CVE-2025-0067 | Missing Authorization check in SAP NetWeaver Application Server Java |
| CVE-2025-0068 | Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP |
| CVE-2025-0466 | Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure |
| CVE-2025-0763 | Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2025-0954 | WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import |
| CVE-2024-35723 | WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2024-35724 | WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2024-35725 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability |
| CVE-2024-35726 | WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability |
| CVE-2024-9095 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-9096 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-9109 | UPS Live Rates and Access Points <= 2.3.11 - Missing Authorization to Plugin API key reset |
| CVE-2024-9671 | System: pdf invoices of the developer users can be seen if the url is known |
| CVE-2024-9685 | Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message |
| CVE-2024-9686 | Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message |
| CVE-2024-9697 | Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update |
| CVE-2024-9705 | Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update |
| CVE-2024-9706 | Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation |
| CVE-2024-9707 | Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation |
| CVE-2025-1091 | Broken Authorization Schema |
| CVE-2025-11029 | givanz Vvveb cross-site request forgery |
| CVE-2025-11051 | SourceCodester Pet Grooming Management Software cross-site request forgery |
| CVE-2025-11154 | IDonate < 2.1.13 - Unauthenticated User Deletion |
| CVE-2025-11172 | Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-11191 | RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST |
| CVE-2025-10212 | SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure |
| CVE-2025-10489 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form C... |
| CVE-2025-1055 | K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-... |
| CVE-2025-10579 | BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure |
| CVE-2025-1084 | Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery |
| CVE-2025-10849 | Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via... |
| CVE-2025-10871 | Missing Authorization in GitLab |
| CVE-2025-10873 | Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending |
| CVE-2025-10896 | Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload |
| CVE-2025-10901 | Originality.ai AI Checker <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure v... |
| CVE-2025-11372 | LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation |
| CVE-2025-11373 | Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider,... |
| CVE-2025-11378 | ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export |
| CVE-2025-11380 | Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-11438 | JhumanJ OpnForm API Endpoint custom-domains authorization |
| CVE-2025-0955 | VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import |
| CVE-2025-10008 | Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion |
| CVE-2025-10040 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP C... |
| CVE-2025-10299 | WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privil... |
| CVE-2025-10303 | Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation |
| CVE-2025-10305 | Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion |
| CVE-2025-10313 | Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-10352 | Missing Authorization vulnerability in Melis Platform |
| CVE-2025-10637 | Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-10638 | NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export |
| CVE-2025-10648 | Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure v... |
| CVE-2025-10690 | Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin... |
| CVE-2025-10694 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Info... |
| CVE-2025-10706 | Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation |
| CVE-2025-11228 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Associa... |
| CVE-2025-11237 | Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update |
| CVE-2025-11255 | Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log... |
| CVE-2025-11257 | LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import |
| CVE-2025-11269 | Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-11894 | Shelf Planner <= 2.7.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-11975 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.2... |
| CVE-2025-11988 | Crypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion |
| CVE-2025-11989 | Missing Authorization in GitLab |
| CVE-2025-11996 | Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion |
| CVE-2025-11999 | Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-12014 | NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update |
| CVE-2025-12015 | Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed <= 2.0.0 - Missing... |
| CVE-2025-12041 | ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download |
| CVE-2024-35727 | WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerability |
| CVE-2024-35729 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability |
| CVE-2024-35735 | WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability |
| CVE-2024-35741 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability |
| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Inform... |
| CVE-2025-1074 | Webkul QloApps URL mylogout cross-site request forgery |
| CVE-2025-10749 | Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletio... |
| CVE-2025-11580 | PowerJob list authorization |
| CVE-2025-11581 | PowerJob OpenAPIController runJob authorization |
| CVE-2025-11587 | Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update |
| CVE-2025-11632 | Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions |
| CVE-2025-12113 | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (S... |
| CVE-2025-12134 | ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable |
| CVE-2025-1214 | pihome-shc PiHome Role-Based Access Control user_accounts.php authorization |
| CVE-2025-12156 | Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.2.6 - Missing Authorization to Authenti... |
| CVE-2025-12157 | Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset |
| CVE-2025-12158 | Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-12167 | Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset |
| CVE-2025-12175 | The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure |
| CVE-2025-11439 | JhumanJ OpnForm integrations authorization |
| CVE-2025-11442 | JhumanJ OpnForm API Endpoint cross-site request forgery |
| CVE-2025-11448 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery... |
| CVE-2025-11564 | Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update |
| CVE-2025-11692 | Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion |
| CVE-2025-11701 | Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure |
| CVE-2025-11702 | Missing Authorization in GitLab |
| CVE-2025-11705 | Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Fi... |
| CVE-2025-11742 | WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure |
| CVE-2025-11758 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation a... |
| CVE-2025-11816 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to... |
| CVE-2025-11833 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Ta... |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authoriz... |
| CVE-2024-35742 | WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability |
| CVE-2024-35748 | WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability |
| CVE-2024-36113 | Discourse missing authorization checks for suspending admins/moderators |
| CVE-2025-1358 | Pix Software Vivaz cross-site request forgery |
| CVE-2025-1402 | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion |
| CVE-2025-11881 | AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure |
| CVE-2025-11887 | Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-11890 | Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass |
| CVE-2025-1279 | BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-12817 | PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege |
| CVE-2025-12847 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticat... |
| CVE-2025-12849 | Contest Gallery <= 28.0.2 - Missing Authorization |
| CVE-2025-1285 | Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Ke... |
| CVE-2025-12891 | Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-12892 | Survey Maker <= 5.1.9.4 - Missing Authorization Unauthenticated Limited Option Update |
| CVE-2025-12924 | rymcu forest BankController.java GlobalResult authorization |
| CVE-2025-12925 | rymcu forest UserDicController.java deleteDic authorization |
| CVE-2025-12953 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated... |
| CVE-2025-12042 | Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export |
| CVE-2025-1233 | Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update |
| CVE-2025-12350 | DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-12377 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gal... |
| CVE-2025-12384 | Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Man... |
| CVE-2025-12389 | Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-12469 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Missing Authorization to... |
| CVE-2025-1249 | WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability |
| CVE-2025-12498 | EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking... |
| CVE-2025-12526 | Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset |
| CVE-2025-12527 | Page & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion |
| CVE-2025-1309 | UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subsc... |
| CVE-2025-13119 | Fabian Ros/SourceCodester Simple E-Banking System cross-site request forgery |
| CVE-2025-13177 | Bdtask/CodeCanyon SalesERP cross-site request forgery |
| CVE-2025-12979 | Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-1299 | Missing Authorization in GitLab |
| CVE-2025-1304 | NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-13063 | DinukaNavaratna Dee Store authorization |
| CVE-2025-1307 | Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-1557 | OFCMS cross-site request forgery |
| CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Autho... |
| CVE-2025-1639 | Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installatio... |
| CVE-2025-1643 | Benner ModernaNet SG_AlterarSenha cross-site request forgery |
| CVE-2025-1644 | Benner ModernaNet SG_Gravar cross-site request forgery |
| CVE-2025-1657 | Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post... |
| CVE-2025-1666 | Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscri... |
| CVE-2025-1668 | School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion |
| CVE-2025-1681 | Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files |
| CVE-2025-1404 | Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval v... |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join G... |
| CVE-2025-1891 | shishuocms cross-site request forgery |
| CVE-2025-20164 | A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticate... |
| CVE-2025-2075 | Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-21396 | Microsoft Account Elevation of Privilege Vulnerability |
| CVE-2025-12180 | Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update |
| CVE-2025-12202 | ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery |
| CVE-2025-12563 | Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload |
| CVE-2025-12582 | Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset |
| CVE-2025-12583 | Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2025-12633 | Booking Calendar | Appointment Booking | Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection |
| CVE-2025-12665 | Ninja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion |
| CVE-2025-12675 | KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-2025 | Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Func... |
| CVE-2025-20301 | Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability |
| CVE-2025-20302 | Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability |
| CVE-2025-20362 | Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or... |
| CVE-2025-2042 | huang-yk student-manage cross-site request forgery |
| CVE-2025-2103 | SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post... |
| CVE-2025-21416 | Azure Virtual Desktop Elevation of Privilege Vulnerability |
| CVE-2025-22629 | WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-22643 | WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-2110 | WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2025-2224 | Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing |
| CVE-2025-22260 | WordPress Meta Tag Manager plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2025-22534 | WordPress Slides & Presentations Plugin <= 0.0.39 - Broken Access Control vulnerability |
| CVE-2025-22541 | WordPress WP Delete Post Copies plugin <= 5.5 - Broken Access Control vulnerability |
| CVE-2025-22543 | WordPress ST Gallery WP plugin <= 1.0.8 - Settings Change vulnerability |
| CVE-2025-22560 | WordPress Saoshyant Page Builder plugin <= 3.8 - Broken Access Control vulnerability |
| CVE-2025-22561 | WordPress Title Experiments Free plugin <= 9.0.4 - Broken Access Control vulnerability |
| CVE-2025-22591 | WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability |
| CVE-2025-22592 | WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability |
| CVE-2025-22607 | Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak |
| CVE-2025-22608 | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) |
| CVE-2025-22609 | Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE) |
| CVE-2025-22647 | WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-13179 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery |
| CVE-2025-1325 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitra... |
| CVE-2025-1326 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reserva... |
| CVE-2025-1481 | Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export |
| CVE-2025-1483 | LTL Freight Quotes – GlobalTranz Edition <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-1502 | IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export |
| CVE-2025-1504 | Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure |
| CVE-2025-1507 | ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation |
| CVE-2025-1508 | WP Crowdfunding <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Post Content Download |
| CVE-2025-1528 | Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure |
| CVE-2025-22265 | WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability |
| CVE-2025-22280 | WordPress DefendWP Firewall Plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-22285 | WordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerability |
| CVE-2025-1682 | Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-1745 | LinZhaoguan pb-cms Logout cross-site request forgery |
| CVE-2025-1766 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment... |
| CVE-2025-1777 | BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_p... |
| CVE-2025-1778 | Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete |
| CVE-2025-1780 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limi... |
| CVE-2025-1813 | zj1983 zz cross-site request forgery |
| CVE-2025-22385 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B appli... |
| CVE-2025-2246 | Missing Authorization in GitLab |
| CVE-2025-22512 | WordPress Help Scout Plugin <= 6.5.1 - Broken Access Control vulnerability |
| CVE-2025-2289 | Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates |
| CVE-2025-2290 | LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing |
| CVE-2025-2298 | Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software |
| CVE-2025-23025 | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki |
| CVE-2025-23187 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-23188 | Missing Authorization check in SAP S/4HANA (RBD) |
| CVE-2025-22657 | WordPress Atarim plugin <= 4.0.9 - Arbitrary Content Deletion vulnerability |
| CVE-2025-2266 | Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update |
| CVE-2025-22665 | WordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerability |
| CVE-2025-22667 | WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control v... |
| CVE-2025-23189 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-23190 | Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI) |
| CVE-2025-23423 | WordPress SendGrid for WordPress plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-23440 | WordPress radSLIDE plugin <= 2.1 - Broken Access Control to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23477 | WordPress Realty Workstation plugin <= 1.0.45 - Broken Access Control vulnerability |
| CVE-2025-23486 | WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-23512 | WordPress Team 118GROUP Agent plugin <= 1.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23514 | WordPress Loginplus plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-23515 | WordPress ts-tree plugin 0.1.1 - <= Arbitrary Content Deletion vulnerability |
| CVE-2025-23527 | WordPress WC Wallet plugin <= 2.2.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23529 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23534 | WordPress WPLingo plugin <= 1.1.2 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23761 | WordPress Woo Tuner plugin <= 0.1.2 - Broken Access Control vulnerability |
| CVE-2025-22668 | WordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2025-2267 | WP01 – Speed, Security, SEO consultant <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download |
| CVE-2025-22670 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability |
| CVE-2025-22610 | Coolify Vulnerable to OAuth Secrets Leak |
| CVE-2025-22611 | Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE) |
| CVE-2025-22612 | Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE) |
| CVE-2025-2262 | Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-22739 | WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability |
| CVE-2025-22740 | WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability |
| CVE-2025-2276 | Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation |
| CVE-2025-22770 | WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-22779 | WordPress WP News Sliders plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-22787 | WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-22800 | WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability |
| CVE-2025-23613 | WordPress WP Journal plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2025-23615 | WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-23656 | WordPress Donate visa plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23684 | WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2025-22671 | WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-22673 | WordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerability |
| CVE-2025-22677 | WordPress Uix Shortcodes plugin <= 2.0.3 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-2407 | Missing Authentication & Authorization in Web-API allows adversary unrestricted access |
| CVE-2025-2420 | 猫宁i Morning cross-site request forgery |
| CVE-2025-24571 | WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability |
| CVE-2025-24577 | WordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerability |
| CVE-2025-24580 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-24581 | WordPress Instantio plugin <= 3.3.7 - Settings Change vulnerability |
| CVE-2025-24583 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Settings Change vulnerability |
| CVE-2025-24584 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2025-24588 | WordPress Patreon WordPress plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-24589 | WordPress JSM Show Post Metadata plugin <= 4.6.0 - Broken Access Control vulnerability |
| CVE-2025-24590 | WordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2025-24591 | WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability |
| CVE-2025-24594 | WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.7 - CSRF to Broken Access Control vulnerability |
| CVE-2025-24596 | WordPress WooCommerce Product Table Lite plugin <= 3.8.7 - Broken Access Control vulnerability |
| CVE-2025-24600 | WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability |
| CVE-2025-22287 | WordPress LTL Freight Quotes – FreightQuote Edition plugin <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-22289 | WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability |
| CVE-2025-22291 | WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerability |
| CVE-2025-22298 | WordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-22299 | WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2025-22302 | WordPress WP Wand plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2025-22304 | WordPress WP Visitor Statistics plugin <= 7.3 - Broken Access Control vulnerability |
| CVE-2025-22318 | WordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerability |
| CVE-2025-22319 | WordPress MashShare plugin <= 4.0.47 - Broken Access Control vulnerability |
| CVE-2025-22363 | WordPress Allada T-shirt Designer for Woocommerce plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2025-23849 | WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability |
| CVE-2025-23862 | WordPress Contact Form 7 Anti Spambot plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-23906 | WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability |
| CVE-2025-23916 | WordPress WP Meetup plugin <= 2.3.0 - Settings Change vulnerability |
| CVE-2025-23917 | WordPress Chamber Dashboard Business Directory Plugin <= 3.3.8 - Broken Access Control vulnerability |
| CVE-2025-23763 | WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability |
| CVE-2025-23764 | WordPress Copy Move Posts plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2025-23766 | WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability |
| CVE-2025-23771 | WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability |
| CVE-2025-23773 | WordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-23776 | WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability |
| CVE-2025-23778 | WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2025-23785 | WordPress AI Responsive Gallery Album plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-24662 | WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability |
| CVE-2025-24679 | WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2025-24682 | WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability |
| CVE-2025-24691 | WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability |
| CVE-2025-24692 | WordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-24693 | WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-24697 | WordPress Image Gallery – Responsive Photo Gallery plugin <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2025-22681 | WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-22686 | WordPress CF7 Google Sheets Connector plugin <= 5.0.17 - Broken Access Control vulnerability |
| CVE-2025-22694 | WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2025-22696 | WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulner... |
| CVE-2025-22698 | WordPress Accessibility Suite by Ability, Inc plugin <= 4.16 - Multiple Broken Access Control vulnerability |
| CVE-2025-22702 | WordPress Photography theme <= 7.5.2 - Broken Access Control vulnerability |
| CVE-2025-22717 | WordPress My Tickets plugin <= 2.0.9 - Broken Access Control vulnerability |
| CVE-2025-22720 | WordPress WpRently | WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2025-24603 | WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.10 - Brok... |
| CVE-2025-24604 | WordPress Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin <= 3.0.5 - Broken Access Control vulnerab... |
| CVE-2025-24606 | WordPress Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin <=20.8.1 - Broken Access Con... |
| CVE-2025-24607 | WordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerability |
| CVE-2025-24613 | WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability |
| CVE-2025-24618 | WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2025-24625 | WordPress Taxonomy/Term and Role based Discounts for WooCommerce plugin <= 5.1 - Cross Site Request Forgery (CSRF) to Setting... |
| CVE-2025-24633 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-24642 | WordPress Setup Default Featured Image plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-24643 | WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability |
| CVE-2025-24649 | WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability |
| CVE-2025-24652 | WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-24653 | WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability |
| CVE-2025-24654 | WordPress Squirrly SEO plugin <= 12.4.05 - Broken Access Control vulnerability |
| CVE-2025-24762 | WordPress TicketBAI Facturas para WooCommerce <= 3.19 - Broken Access Control Vulnerability |
| CVE-2025-23929 | WordPress Email Capture & Lead Generation Plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-23930 | WordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-23954 | WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-23955 | WordPress Xola plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2025-23957 | WordPress Sur.ly plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-23958 | WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-23961 | WordPress WordPress Graphs & Charts Plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-23962 | WordPress Goldstar plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-23963 | WordPress Mark Posts plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2025-23971 | WordPress KI Live Video Conferences <= 5.5.15 - Broken Access Control Vulnerability |
| CVE-2025-23982 | WordPress Fare Calculator plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23991 | WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2025-23999 | WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability |
| CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form |
| CVE-2025-22721 | WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability |
| CVE-2025-22722 | WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dimissal vulnerability |
| CVE-2025-22729 | WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability |
| CVE-2025-22730 | WordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2025-25120 | WordPress Slide Banners plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-25167 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-25241 | Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests) |
| CVE-2025-25244 | Missing Authorization Check in SAP Business Warehouse (Process Chains) |
| CVE-2025-2568 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited A... |
| CVE-2025-26367 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26368 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26369 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26370 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26371 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26372 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26373 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to vers... |
| CVE-2025-26374 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to ver... |
| CVE-2025-26375 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-24763 | WordPress bbPress API <= 1.0.14 - Broken Access Control Vulnerability |
| CVE-2025-24776 | WordPress Responsive Flipbooks <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-24778 | WordPress No Spam At All <= 1.3 - Broken Access Control Vulnerability |
| CVE-2025-24972 | Discourse may bypass user preference when adding users to chat groups |
| CVE-2025-24974 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2025-2506 | When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with C... |
| CVE-2025-25081 | WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-25110 | WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-26655 | Missing Authorization check in SAP JIT(Outbound) |
| CVE-2025-26656 | Missing Authorization check in S/4HANA (Manage Purchasing Info Records) |
| CVE-2025-26657 | Information Disclosure vulnerability in SAP KMC WPC |
| CVE-2025-26661 | Missing Authorization check in SAP NetWeaver (ABAP Class Builder) |
| CVE-2025-26733 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-26741 | WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability |
| CVE-2025-22737 | WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2025-27356 | WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-27428 | Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection) |
| CVE-2025-24705 | WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-24725 | WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability |
| CVE-2025-24734 | WordPress Better Find and Replace plugin <= 1.6.7 - Privilege Escalation vulnerability |
| CVE-2025-24736 | WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability |
| CVE-2025-24737 | WordPress WP Helper Premium plugin <= 4.6.1 - Broken Access Control vulnerability |
| CVE-2025-24743 | WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2025-24744 | WordPress Bridge Core plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2025-24747 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2025-24750 | WordPress ExactMetrics plugin <= 8.1.0 - Broken Access Control vulnerability |
| CVE-2025-24751 | WordPress CoBlocks plugin <= 3.1.13 - Broken Access Control vulnerability |
| CVE-2025-24753 | WordPress Kadence Blocks plugin <= 3.3.1 - Broken Access Control vulnerability |
| CVE-2025-24754 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2025-26773 | WordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerability |
| CVE-2025-26867 | WordPress Bulk theme <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-26871 | WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability |
| CVE-2025-27432 | Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) |
| CVE-2025-27435 | Information Disclosure Vulnerability in SAP Commerce Cloud |
| CVE-2025-27437 | Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface) |
| CVE-2025-28938 | WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-28962 | WordPress Advanced Google Universal Analytics plugin <= 1.0.3 - Broken Access Control to Sensitive Data Exposure vulnerabilit... |
| CVE-2025-28965 | WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability |
| CVE-2025-28985 | WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability |
| CVE-2025-28994 | WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability |
| CVE-2025-28995 | WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability |
| CVE-2025-28996 | WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability |
| CVE-2025-28997 | WordPress WP AutoKeyword <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-26376 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-26377 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-26378 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-26920 | WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability |
| CVE-2025-26928 | WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2025-26942 | WordPress JetTricks <= 1.5.1 - Broken Access Control Vulnerability |
| CVE-2025-26944 | WordPress JetPopup <= 2.0.11 - Broken Access Control Vulnerability |
| CVE-2025-26948 | WordPress Pie Register Premium plugin <= 3.8.3.2 - Broken Access Control vulnerability |
| CVE-2025-26953 | WordPress JetMenu <= 2.4.9 - Broken Access Control Vulnerability |
| CVE-2025-26955 | WordPress Industrial Lite theme <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-26956 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-26958 | WordPress JetBlog <= 2.4.3 - Broken Access Control Vulnerability |
| CVE-2025-26959 | WordPress Administrator Z <= 2025.03.24 - Privilege Escalation Vulnerability |
| CVE-2025-26960 | WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Broken Access Control vulnerability |
| CVE-2025-26961 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2025-29000 | WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability |
| CVE-2025-29001 | WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability |
| CVE-2025-26883 | WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-26888 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability |
| CVE-2025-26901 | WordPress Brizy Pro plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2025-2876 | MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User... |
| CVE-2025-28872 | WordPress Block Spam By Math Reloaded plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2025-28920 | WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2025-29756 | MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters |
| CVE-2025-30017 | Missing Authorization check in SAP Solution Manager |
| CVE-2025-3037 | yzk2356911358 StudentServlet-JSP cross-site request forgery |
| CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability |
| CVE-2025-30543 | WordPress Menu Duplicator plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-3058 | Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-30581 | WordPress Top Bar - <= <=3.3 Broken Access Control Vulnerability |
| CVE-2025-30591 | WordPress Music Press Pro - <= <= 1.4.6 Broken Access Control Vulnerability |
| CVE-2025-29006 | WordPress Direct Checkout for WooCommerce Lite <= 1.0.3 - Broken Access Control Vulnerability |
| CVE-2025-29007 | WordPress LMSACE Connect plugin <= 3.4 - Broken Access Control Vulnerability |
| CVE-2025-29010 | WordPress Behance Portfolio Manager <= 1.7.4 - Broken Access Control Vulnerability |
| CVE-2025-29012 | WordPress CF7 7 Mailchimp Add-on plugin <= 2.2 - Broken Access Control Vulnerability |
| CVE-2025-29013 | WordPress Custom Category/Post Type Post order <= 1.5.9 - Broken Access Control Vulnerability |
| CVE-2025-2907 | Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update |
| CVE-2025-2933 | Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-30790 | WordPress Chatbox Manager <= 1.2.2 - Broken Access Control Vulnerability |
| CVE-2025-26750 | WordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerability |
| CVE-2025-26764 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerability |
| CVE-2025-26765 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability |
| CVE-2025-27103 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2025-2719 | Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2... |
| CVE-2025-27270 | WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-27294 | WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-27296 | WordPress Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue Plugin <= 1.5 - Settings Change vulnerability |
| CVE-2025-27310 | WordPress Page and Post Lister plugin <= 1.2.1 - Arbitrary Content Deletion vulnerability |
| CVE-2025-27461 | CVE-2025-27461 |
| CVE-2025-27505 | GeoServer Missing Authorization on REST API Index |
| CVE-2025-2779 | Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options U... |
| CVE-2025-2789 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated... |
| CVE-2025-2807 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitra... |
| CVE-2025-2815 | Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-2816 | Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2025-2821 | Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification |
| CVE-2025-30592 | WordPress Advanced Dewplayer - <= <= 1.6 Broken Access Control Vulnerability |
| CVE-2025-30605 | WordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerability |
| CVE-2025-30624 | WordPress WordLift <= 3.54.4 - Broken Access Control Vulnerability |
| CVE-2025-3063 | Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-30636 | WordPress Accessibility Suite <= 4.19 - Broken Access Control Vulnerability |
| CVE-2025-30639 | WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability |
| CVE-2025-30767 | WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-30772 | WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerabi... |
| CVE-2025-31041 | WordPress AnyTrack Affiliate Link Manager <= 1.0.4 - Broken Access Control Vulnerability |
| CVE-2025-31042 | WordPress Sandwich Adsense <= 4.0.2 - Broken Access Control Vulnerability |
| CVE-2025-31063 | WordPress Wishlist <= 2.1.0 - Broken Access Control Vulnerability |
| CVE-2025-31065 | WordPress Rozario <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-31066 | WordPress Acerola <= 1.6.5 - Broken Access Control Vulnerability |
| CVE-2025-31071 | WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-30797 | WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulne... |
| CVE-2025-26968 | WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability |
| CVE-2025-26969 | WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability |
| CVE-2025-26975 | WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2025-26983 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability |
| CVE-2025-26995 | WordPress Market Exporter plugin <= 2.0.21 - Broken Access Control vulnerability |
| CVE-2025-27000 | WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-27008 | WordPress Unlimited Timeline < 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-27013 | WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability |
| CVE-2025-30894 | WordPress WP Fast Total Search plugin <= 1.79.262 - Broken Access Control vulnerability |
| CVE-2025-30896 | WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability |
| CVE-2025-30897 | WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability |
| CVE-2025-30909 | WordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerability |
| CVE-2025-30915 | WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability |
| CVE-2025-30916 | WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2025-30926 | WordPress King Addons for Elementor plugin <= 24.12.58 - Broken Access Control Vulnerability |
| CVE-2025-31171 | File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerabil... |
| CVE-2025-31469 | WordPress Clear Sucuri Cache <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-3150 | itning Student Homework Management System cross-site request forgery |
| CVE-2025-31525 | WordPress WP Mobile Bottom Menu plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2025-31528 | WordPress StaticPress plugin <= 0.4.5 - Broken Access Control vulnerability |
| CVE-2025-31529 | WordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability |
| CVE-2025-31530 | WordPress Google SEO Pressor Snippet plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2025-31533 | WordPress Salesmate Add-On for Gravity Forms plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2025-31539 | WordPress Cryptocurrency Widgets Pack plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2025-31540 | WordPress ACME Divi Modules plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2025-31541 | WordPress TuriTop Booking System plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2025-31544 | WordPress Swiss Toolkit For WP plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2025-31545 | WordPress Safe Ai Malware Protection for WP plugin <= 1.0.20 - Broken Access Control vulnerability |
| CVE-2025-31546 | WordPress Swiss Toolkit For WP plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2025-30803 | WordPress Just Writing Statistics plugin <= 5.3 - Broken Access Control vulnerability |
| CVE-2025-30809 | WordPress WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin <= 4.8.4 - Settings Change vulnerabil... |
| CVE-2025-30817 | WordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerability |
| CVE-2025-30821 | WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability |
| CVE-2025-30824 | WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability |
| CVE-2025-30825 | WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability |
| CVE-2025-2832 | mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery |
| CVE-2025-3124 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private re... |
| CVE-2025-31338 | Wisdom Master Pro - Missing Authorization |
| CVE-2025-31376 | WordPress NanoSupport plugin <= 0.6.0 - Broken Access Control vulnerability |
| CVE-2025-31377 | WordPress Woo Product Feed For Marketing Channels <= 1.9.0 - Broken Access Control Vulnerability |
| CVE-2025-31381 | WordPress Booking Calendar and Notification plugin <= 4.0.3 - Broken Authentication vulnerability |
| CVE-2025-31386 | WordPress Simple:Press plugin <= 6.10.11 - Broken Access Control vulnerability |
| CVE-2025-31406 | WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-31408 | WordPress Zoho Flow plugin <= 2.13.3 - Broken Access Control vulnerability |
| CVE-2025-31415 | WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-31417 | WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability |
| CVE-2025-31425 | WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31678 | AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004 |
| CVE-2025-31681 | Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009 |
| CVE-2025-31685 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014 |
| CVE-2025-30927 | WordPress Wordapp <= 1.7.0 - Broken Access Control Vulnerability |
| CVE-2025-30929 | WordPress fluXtore plugin <= 1.6.0 - Broken Access Control Vulnerability |
| CVE-2025-30932 | WordPress WP Compress for MainWP <= 6.30.32 - Broken Access Control Vulnerability |
| CVE-2025-30934 | WordPress 診断ジェネレータ作成プラグイン <= 1.4.16 - Broken Access Control Vulnerability |
| CVE-2025-30944 | WordPress Tablesome Table Premium <= 1.1.23 - Broken Access Control Vulnerability |
| CVE-2025-30945 | WordPress Taskbuilder <= 4.0.3 - Broken Access Control Vulnerability |
| CVE-2025-30957 | WordPress Activity Plus Reloaded for BuddyPress <= 1.1.2 - Broken Access Control Vulnerability |
| CVE-2025-30958 | WordPress onOffice for WP-Websites <= 5.7 - Broken Access Control Vulnerability |
| CVE-2025-30959 | WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability |
| CVE-2025-30960 | WordPress FS Poster plugin <= 6.5.8 - Subscriber+ Site Wide Broken Access Control vulnerability |
| CVE-2025-30974 | WordPress Post Grid Master <= 3.4.13 - Broken Access Control Vulnerability |
| CVE-2025-30978 | WordPress Slack Notifications by dorzki <= 2.0.7 - Broken Access Control Vulnerability |
| CVE-2025-30990 | WordPress ThemeHunk <= 1.1.1 - Broken Access Control Vulnerability |
| CVE-2025-30993 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7 - Broken Access Control Vulnerability |
| CVE-2025-30828 | WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability |
| CVE-2025-30830 | WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-30839 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-31555 | WordPress ContentMX Content Publisher plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-31576 | WordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerability |
| CVE-2025-31580 | WordPress Ni WooCommerce Product Enquiry plugin <= 4.1.8 - Broken Access Control vulnerability |
| CVE-2025-31581 | WordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerability |
| CVE-2025-31584 | WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-31596 | WordPress Chat by Chatwee plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2025-31603 | WordPress CF7 Spreadsheets plugin <= 2.3.2 - Settings Change vulnerability |
| CVE-2025-31606 | WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-31609 | WordPress WPCargo Track & Trace plugin <= 7.0.6 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-31611 | WordPress Auto Post After Image Upload plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2025-31618 | WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-31628 | WordPress Sliced Invoices plugin <= 3.9.4 - Broken Access Control vulnerability |
| CVE-2025-31630 | WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-32045 | Moodle: hidden grades shown to users without permission on some grade reports |
| CVE-2025-32147 | WordPress Easy WP Optimizer Plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-30851 | WordPress Tickera plugin <= 3.5.5.2 - Broken Access Control vulnerability |
| CVE-2025-31686 | Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015 |
| CVE-2025-31691 | OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020 |
| CVE-2025-31729 | WordPress WooTumblog plugin <= 2.1.4 - Content Injection vulnerability |
| CVE-2025-31732 | WordPress GB Gallery Slideshow plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-31736 | WordPress Rich Text Editor Plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-31739 | WordPress Minimalistic Event Manager plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-31746 | WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-31752 | WordPress Bulk Fields Editor plugin <= 1.8.0 - Broken Access Control vulnerability |
| CVE-2025-31755 | WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-31757 | WordPress Free Woocommerce Product Table View plugin <= 1.78 - Broken Access Control vulnerability |
| CVE-2025-31758 | WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31765 | WordPress GDPR Cookie Notice plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2025-31768 | WordPress Widget Manager Light plugin <= 1.18 - Broken Access Control vulnerability |
| CVE-2025-31773 | WordPress Ship Per Product plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2025-31000 | WordPress Payment QR WooCommerce <= 1.1.6 - Broken Access Control Vulnerability |
| CVE-2025-31004 | WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-31012 | WordPress Age Gate <= 3.5.4 - Broken Access Control Vulnerability |
| CVE-2025-31780 | WordPress Append Content plugin <= 2.1.1 - CSRF to Settings Change vulnerability |
| CVE-2025-31781 | WordPress Gift Cards for WooCommerce plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2025-31782 | WordPress mb.YTPlayer plugin <= 3.3.8 - Broken Access Control vulnerability |
| CVE-2025-31786 | WordPress Simple Icons plugin <= 2.8.4 - Broken Access Control vulnerability |
| CVE-2025-31787 | WordPress Cue by AudioTheme.com plugin <= 2.4.4 - Broken Access Control vulnerability |
| CVE-2025-31789 | WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-31791 | WordPress Pin Generator Plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-31794 | WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31795 | WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability |
| CVE-2025-31798 | WordPress Publitio Plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-31799 | WordPress Publitio plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-30853 | WordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerability |
| CVE-2025-30855 | WordPress Ads by WPQuads plugin <= 2.0.87.1 - Broken Access Control Vulnerability |
| CVE-2025-30861 | WordPress Five Star Restaurant Reservations plugin <= 2.6.29 - Broken Access Control vulnerability |
| CVE-2025-30864 | WordPress Exchange Rates plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-30866 | WordPress Terms & Conditions Per Product plugin <= 1.2.15 - Broken Access Control Vulnerability |
| CVE-2025-30874 | WordPress Specific Content For Mobile plugin <= 0.5.3 - Broken Access Control vulnerability |
| CVE-2025-30877 | WordPress Quiz Cat plugin <= 3.0.8 - Broken Access Control vulnerability |
| CVE-2025-30880 | WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability |
| CVE-2025-30881 | WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-30883 | WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2025-30887 | WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability |
| CVE-2025-32542 | WordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerability |
| CVE-2025-31802 | WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Settings Change vulnerability |
| CVE-2025-31810 | WordPress Question Answer Plugin <= 1.2.70 - Broken Access Control vulnerability |
| CVE-2025-31816 | WordPress Mobile App Canvas Plugin <= 3.8.1 - Broken Access Control vulnerability |
| CVE-2025-31820 | WordPress Automatic Featured Images from Videos plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-31822 | WordPress WordPress Simple HTML Sitemap plugin <= 3.2 - Broken Access Control vulnerability |
| CVE-2025-31826 | WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability |
| CVE-2025-31830 | WordPress Printus Plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2025-31831 | WordPress AtomChat plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-31834 | WordPress JobBoard Job listing plugin Plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-31836 | WordPress Review Manager Plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-31841 | WordPress FPW Category Thumbnails Plugin <= 1.9.5 - Broken Access Control vulnerability |
| CVE-2025-31843 | WordPress OpenAI Tools for WordPress & WooCommerce plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2025-31846 | WordPress Theater for WordPress plugin <= 0.18.7 - Broken Access Control vulnerability |
| CVE-2025-31848 | WordPress WordPress Adverts Plugin plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-32178 | WordPress 6Storage Rentals Plugin <= 2.18.0 - Broken Access Control vulnerability |
| CVE-2025-32180 | WordPress CSS3 Tooltips for WordPress <= 1.8 - Broken Access Control Vulnerability |
| CVE-2025-32201 | WordPress Xpro Theme Builder Plugin <= 1.2.8.3 - Broken Access Control vulnerability |
| CVE-2025-32208 | WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-32210 | WordPress CM Registration and Invitation Codes plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2025-32212 | WordPress Specia Companion plugin <= 4.6 - Broken Access Control vulnerability |
| CVE-2025-32213 | WordPress Flo Forms plugin <= 1.0.43 - Broken Access Control vulnerability |
| CVE-2025-32216 | WordPress Spider Elements – Addons for Elementor plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2025-32217 | WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-32218 | WordPress TableOn – WordPress Posts Table Filterable Plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-32219 | WordPress eaSYNC plugin <= 1.3.19 - Broken Access Control vulnerability |
| CVE-2025-32220 | WordPress Salon Booking System plugin <= 10.10.7 - Broken Access Control vulnerability |
| CVE-2025-32221 | WordPress EazyDocs plugin <= 2.6.4 - Broken Access Control vulnerability |
| CVE-2025-32224 | WordPress Privyr CRM plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-32225 | WordPress WP Event Manager plugin <= 3.1.47 - Broken Access Control vulnerability |
| CVE-2025-32226 | WordPress Display product variations dropdown on shop page plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-32229 | WordPress Variable Inspector plugin <= 2.6.3 - Broken Access Control vulnerability |
| CVE-2025-32231 | WordPress Bookingor plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-32232 | WordPress StaffList plugin <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2025-32233 | WordPress Revive.so <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2025-32234 | WordPress AdMail plugin <= 1.7.0 - Broken Access Control vulnerability |
| CVE-2025-32235 | WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.9.4 - Broken Access Control vulnerabi... |
| CVE-2025-32684 | WordPress MapSVG Lite plugin <= 8.5.32 - Broken Access Control Vulnerability |
| CVE-2025-32688 | WordPress Target Video Easy Publish plugin <= 3.8.8 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-32929 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability |
| CVE-2025-32973 | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right |
| CVE-2025-33182 | NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corr... |
| CVE-2025-33185 | NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successfu... |
| CVE-2025-31774 | WordPress Astra Security Suite plugin<= 0.2 - Broken Access Control vulnerability |
| CVE-2025-31777 | WordPress Clockinator Lite plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-32236 | WordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Control vulnerability |
| CVE-2025-32237 | WordPress MasterStudy LMS plugin <= 3.5.23 - Broken Access Control vulnerability |
| CVE-2025-32239 | WordPress Social Share Buttons & Analytics Plugin plugin <= 4.5 - Broken Access Control vulnerability |
| CVE-2025-32240 | WordPress Site Notify <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-32242 | WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-32243 | WordPress Internal Link Optimiser plugin <= 5.1.2 - Settings Change vulnerability |
| CVE-2025-32244 | WordPress SEO Help plugin <= 6.6.1 - Broken Access Control vulnerability |
| CVE-2025-32246 | WordPress 1-Click Backup & Restore Database <= 1.0.3 - Broken Access Control Vulnerability |
| CVE-2025-32252 | WordPress WP Genealogy plugin <= 0.1.9 - Broken Access Control vulnerability |
| CVE-2025-32253 | WordPress Course Booking System Plugin <= 6.0.5 - Broken Access Control vulnerability |
| CVE-2025-32254 | WordPress WPBookit plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-32256 | WordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerability |
| CVE-2025-3417 | Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-3437 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard... |
| CVE-2025-3452 | SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation |
| CVE-2025-3527 | EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cros... |
| CVE-2025-3557 | ScriptAndTools eCommerce-website-in-PHP cross-site request forgery |
| CVE-2025-3561 | ghostxbh uzy-ssm-mall cross-site request forgery |
| CVE-2025-3604 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2025-3624 | Missing Authorization Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2025-36361 | IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA |
| CVE-2025-36367 | IBM i is affected by a privilege escalation in IBM i SQL services |
| CVE-2025-36756 | Device Takeover vulnerability in SolaX Cloud |
| CVE-2025-3687 | misstt123 oasys Sticky Notes cross-site request forgery |
| CVE-2025-3701 | WordPress Malcure Malware Scanner plugin <= 16.8 - Broken Access Control vulnerability |
| CVE-2025-3702 | WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-32544 | WordPress WooCommerce Loyal Customers plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2025-3257 | xujiangfei admintwo updateSet cross-site request forgery |
| CVE-2025-31854 | WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2025-31856 | WordPress Export All Post Meta Plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-31858 | WordPress Local Magic Plugin <= 2.6.0 - Broken Access Control vulnerability |
| CVE-2025-31862 | WordPress Job Board Manager Plugin <= 2.1.60 - Broken Access Control vulnerability |
| CVE-2025-31863 | WordPress Agency Toolkit plugin <= 1.0.23 - Broken Access Control vulnerability |
| CVE-2025-31865 | WordPress CartBoss plugin <= 4.1.2 - Broken Access Control vulnerability |
| CVE-2025-31866 | WordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerability |
| CVE-2025-31868 | WordPress JS Job Manager plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2025-31870 | WordPress WP AutoKeyword plugin <= 1.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31872 | WordPress WP Clone any post type Plugin <= 3.4 - Broken Access Control vulnerability |
| CVE-2025-31876 | WordPress Payday plugin <= 3.3.12 - Broken Access Control vulnerability |
| CVE-2025-31877 | WordPress RestroPress plugin <= 3.1.8.4 - Broken Access Control vulnerability |
| CVE-2025-31878 | WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Settings Change vulnerability |
| CVE-2025-31879 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Settings Change vulnerability |
| CVE-2025-32593 | WordPress Add Product Frontend for WooCommerce plugin <= 1.0.6 - Arbitrary Content Deletion vulnerability |
| CVE-2025-32620 | WordPress Doppler Forms plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2025-32624 | WordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32258 | WordPress Simple Website Logo plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2025-32259 | WordPress WP ULike plugin <= 4.7.9.1 - Content Spoofing Vulnerability |
| CVE-2025-32260 | WordPress DethemeKit For Elementor plugin <= 2.1.10 - Broken Access Control vulnerability |
| CVE-2025-32277 | WordPress RepairBuddy plugin <= 3.8211 - Broken Access Control vulnerability |
| CVE-2025-32279 | WordPress Live Forms plugin <= 4.8.5 - Broken Access Control vulnerability |
| CVE-2025-32281 | WordPress WPKit For Elementor plugin <= 1.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-32295 | WordPress Salon Booking Wordpress plugin <= 10.10.2 - Broken Access Control vulnerability |
| CVE-2025-32296 | WordPress Simple Link Directory Pro plugin <= 14.7.3 - Broken Access Control Vulnerability |
| CVE-2025-32308 | WordPress Team Builder <= 1.5.7 - Broken Access Control Vulnerability |
| CVE-2025-3746 | OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation |
| CVE-2025-3766 | Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting |
| CVE-2025-3780 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorizatio... |
| CVE-2025-3808 | zhenfeng13 My-BBS cross-site request forgery |
| CVE-2025-39350 | WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability |
| CVE-2025-39352 | WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability |
| CVE-2025-39353 | WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability |
| CVE-2025-39447 | WordPress JetElements For Elementor <= 2.7.4.1 - Broken Access Control Vulnerability |
| CVE-2025-39449 | WordPress JetWooBuilder <= 2.1.18 - Broken Access Control Vulnerability |
| CVE-2025-39451 | WordPress JetBlocks For Elementor <= 1.3.16 - Broken Access Control Vulnerability |
| CVE-2025-39454 | WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability |
| CVE-2025-39456 | WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2025-39457 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability |
| CVE-2025-39460 | WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability |
| CVE-2025-39465 | WordPress Advanced Google Maps plugin <= 5.8.4 - Broken Access Control vulnerability |
| CVE-2025-39482 | WordPress Eventer - WordPress Event & Booking Manager Plugin plugin <= 3.9.6 - Broken Access Control vulnerability |
| CVE-2025-3949 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Au... |
| CVE-2025-39493 | WordPress Rankie <= 1.8.0 - Broken Access Control Vulnerability |
| CVE-2025-39511 | WordPress Pinterest Automatic Pin <= 4.18.2 - Broken Access Control Vulnerability |
| CVE-2025-39513 | WordPress ActiveDEMAND <= 0.2.46 - Broken Access Control Vulnerability |
| CVE-2025-3952 | Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary O... |
| CVE-2025-39522 | WordPress Dynamic Post <= 4.10 - Settings Change Vulnerability |
| CVE-2025-3953 | WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subsc... |
| CVE-2025-39531 | WordPress Slazzer Background Changer <= 3.14 - Broken Access Control Vulnerability |
| CVE-2025-39532 | WordPress Spice Blocks <= 2.0.7.1 - Broken Access Control Vulnerability |
| CVE-2025-39533 | WordPress Starfish Review Generation & Marketing plugin <= 3.1.14 - Arbitrary Option Update to Privilege Escalation vulnerabi... |
| CVE-2025-39536 | WordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-39541 | WordPress WP Simple Booking Calendar plugin <= 2.0.13 - Broken Access Control vulnerability |
| CVE-2025-39545 | WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability |
| CVE-2025-4095 | Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile |
| CVE-2025-3843 | panhainan DS-Java cross-site request forgery |
| CVE-2025-3863 | Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form... |
| CVE-2025-3871 | Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier |
| CVE-2025-3876 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCrea... |
| CVE-2025-3906 | Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalatio... |
| CVE-2025-3912 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive... |
| CVE-2025-3915 | Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion |
| CVE-2025-3997 | dazhouda lecms Personal Information Page index.php cross-site request forgery |
| CVE-2025-4046 | Missing Authorization in Lexmark Cloud Services badge management |
| CVE-2025-4047 | Broken Link Checker <= 2.4.4 - Missing Autorization to Authenticated (Subscriber+) Plugin Status Dashboard View |
| CVE-2025-40667 | Missing authorization vulnerability in TCMAN GIM v11 |
| CVE-2025-40673 | Missing Authorization in DinoRANK |
| CVE-2025-40837 | Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability |
| CVE-2025-41335 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-4105 | Splitit <= 4.2.8 - Missing Authorization to Multiple Administrative Actions |
| CVE-2025-41111 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41112 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41113 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41114 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41698 | Draeger: ICMHelper is vulnerable to a privilege escalation due too missing authorization |
| CVE-2025-4177 | Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion |
| CVE-2025-4179 | Flynax Bridge <= 2.2.0 - Unauthenticated Limited Privilege Escalation |
| CVE-2025-4282 | SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery |
| CVE-2025-42882 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42899 | Missing Authorization check in SAP S4CORE (Manage Journal Entries) |
| CVE-2025-42911 | Missing Authorization check in SAP NetWeaver (Service Data Download) |
| CVE-2025-42912 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-42913 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-41336 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41337 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41338 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41339 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41340 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41341 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41342 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41343 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41344 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41345 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41410 | Slack import bypasses email verification for team access controls |
| CVE-2025-41443 | Guest user can discover active public channels |
| CVE-2025-4327 | MRCMS cross-site request forgery |
| CVE-2025-4339 | TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update |
| CVE-2025-4370 | Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2025-39362 | WordPress Mollie Payments for WooCommerce plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-39367 | WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability |
| CVE-2025-39368 | WordPress Rootspersona plugin <= 3.7.5 - Broken Access Control vulnerability |
| CVE-2025-39373 | WordPress JNews theme <= 11.6.5 - Broken Access Control vulnerability |
| CVE-2025-39376 | WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2025-39385 | WordPress Sirat theme <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2025-39388 | WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-39390 | WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2025-39398 | WordPress Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue theme <= 4.2.2 - Broken Access Control vulnerability |
| CVE-2025-39412 | WordPress Master Slider plugin <= 3.10.8 - Broken Access Control vulnerability |
| CVE-2025-39413 | WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.5.14 - Broken Access Control vulnerability |
| CVE-2025-42949 | Missing Authorization check in ABAP Platform |
| CVE-2025-42952 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis |
| CVE-2025-42953 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42955 | Missing authorization check in SAP Cloud Connector |
| CVE-2025-42960 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools |
| CVE-2025-42961 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42968 | Missing Authorization check in SAP NetWeaver (RFC enabled function module) |
| CVE-2025-42974 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-42982 | Information Disclosure in SAP GRC (AC Plugin) |
| CVE-2025-42983 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis |
| CVE-2025-42984 | Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application) |
| CVE-2025-42986 | Missing Authorization check in SAP NetWeaver and ABAP Platform |
| CVE-2025-42987 | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement) |
| CVE-2025-42989 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42991 | Missing Authorization check in SAP S/4HANA (Bank Account Application) |
| CVE-2025-42993 | Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement) |
| CVE-2025-43000 | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) |
| CVE-2025-43004 | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) |
| CVE-2025-43773 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7... |
| CVE-2025-4520 | Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2025-4522 | IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_pos... |
| CVE-2025-4571 | GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign D... |
| CVE-2025-45854 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. |
| CVE-2025-4597 | Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbi... |
| CVE-2025-46232 | WordPress Download Alt Text AI <= 1.9.93 - Broken Access Control Vulnerability |
| CVE-2025-46244 | WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability |
| CVE-2025-46247 | WordPress Appointment Booking Calendar <= 1.3.92 - Broken Access Control Vulnerability |
| CVE-2025-46258 | WordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerability |
| CVE-2025-46259 | WordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerability |
| CVE-2025-46586 | Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect avai... |
| CVE-2025-46745 | Improper Privilege Management |
| CVE-2025-46811 | SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint |
| CVE-2025-42914 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-42915 | Missing Authorization Check in Fiori app (Manage Payment Blocks) |
| CVE-2025-42917 | Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application) |
| CVE-2025-42918 | Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing) |
| CVE-2025-47450 | WordPress Simple File List <= 6.1.13 - Settings Change Vulnerability |
| CVE-2025-47457 | WordPress LocateAndFilter <= 1.6.16 - Broken Access Control Vulnerability |
| CVE-2025-47463 | WordPress Stock Locations for WooCommerce <= 2.8.6 - Broken Access Control Vulnerability |
| CVE-2025-47465 | WordPress Blocksy <= 2.0.97 - Broken Access Control Vulnerability |
| CVE-2025-47580 | WordPress Front End Users plugin <= 3.2.32 - Sensitive Data Exposure vulnerability |
| CVE-2025-47585 | WordPress Booking and Rental Manager <= 2.3.8 - Broken Access Control Vulnerability |
| CVE-2025-47591 | WordPress Bulk Featured Image <= 1.2.1 - Broken Access Control Vulnerability |
| CVE-2025-47601 | WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-47602 | WordPress Calculate Prices based on Distance For WooCommerce <= 1.3.5 - Broken Access Control Vulnerability |
| CVE-2025-47612 | WordPress ClickWhale <= 2.4.6 - Broken Access Control Vulnerability |
| CVE-2025-47619 | WordPress 6Storage Rentals <= 2.19.4 - Broken Access Control Vulnerability |
| CVE-2025-43007 | Missing Authorization check in SAP Service Parts Management (SPM) |
| CVE-2025-43008 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal |
| CVE-2025-43009 | Missing Authorization check in SAP Service Parts Management (SPM) |
| CVE-2025-43011 | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) |
| CVE-2025-43788 | The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 upd... |
| CVE-2025-43805 | Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and... |
| CVE-2025-43838 | WordPress Custom PC Builder Lite for WooCommerce <= 1.0.1 - Settings Change Vulnerability |
| CVE-2025-43862 | Dify Allows Unauthorized Access and Modification of APP Orchestration |
| CVE-2025-44001 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin |
| CVE-2025-4430 | Unauthorized file manipulation in EZD RP |
| CVE-2025-4477 | TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation |
| CVE-2025-46348 | YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download |
| CVE-2025-46470 | WordPress Smart Hashtags [#hashtagger] <= 7.2.3 - Broken Access Control Vulnerability |
| CVE-2025-46485 | WordPress WP Customize Login Page <= 1.6.5 - Broken Access Control Vulnerability |
| CVE-2025-46488 | WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-31881 | WordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2025-31882 | WordPress WordPress Webinar Plugin <= 1.33.27 - Broken Access Control vulnerability |
| CVE-2025-31886 | WordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerability |
| CVE-2025-31887 | WordPress MyBookProgress plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-31896 | WordPress GetBookingsWP Plugin <= 1.1.27 - Broken Access Control vulnerability |
| CVE-2025-31909 | WordPress Apptivo Business Site CRM plugin <= 5.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31923 | WordPress CSS3 Accordions for WordPress <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-39552 | WordPress Zephyr Project Manager <= 3.3.200 - Broken Access Control Vulnerability |
| CVE-2025-39553 | WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability |
| CVE-2025-39554 | WordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-39559 | WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability |
| CVE-2025-39560 | WordPress Live Forms plugin <= 4.8.4 - Broken Access Control vulnerability |
| CVE-2025-39571 | WordPress WowStore <= 4.2.4 - Broken Access Control Vulnerability |
| CVE-2025-39580 | WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability |
| CVE-2025-39583 | WordPress BERTHA AI <= 1.12.10.2 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-3959 | withstars Books-Management-System reader_delete.html cross-site request forgery |
| CVE-2025-39591 | WordPress WP Subscription Forms <= 1.2.3 - Broken Access Control Vulnerability |
| CVE-2025-3960 | withstars Books-Management-System Background Interface allreaders.html authorization |
| CVE-2025-39602 | WordPress WooCommerce Product Table Lite plugin <= 3.9.5 - Broken Access Control vulnerability |
| CVE-2025-3963 | withstars Books-Management-System Background Interface list authorization |
| CVE-2025-3964 | withstars Books-Management-System Article del cross-site request forgery |
| CVE-2025-3979 | dazhouda lecms Password Change index.php cross-site request forgery |
| CVE-2025-47688 | WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-47690 | WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-47692 | WordPress ContentStudio <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-47709 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055 |
| CVE-2025-47942 | Learners on edX Platform can download python_lib.zip |
| CVE-2025-48009 | Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060 |
| CVE-2025-48013 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 |
| CVE-2025-48079 | WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability |
| CVE-2025-48096 | WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-46823 | OpenMRS has Vulnerability in FHIR2 Module Privileges |
| CVE-2025-4683 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) P... |
| CVE-2025-47467 | WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability |
| CVE-2025-47469 | WordPress Media Hygiene <= 4.0.0 - Broken Access Control Vulnerability |
| CVE-2025-47471 | WordPress Envo Extra <= 1.9.9 - Broken Access Control Vulnerability |
| CVE-2025-47472 | WordPress Music Player for WooCommerce <= 1.5.1 - Broken Access Control Vulnerability |
| CVE-2025-47480 | WordPress Graphina <= 3.0.4 - Broken Access Control Vulnerability |
| CVE-2025-47485 | WordPress Cozy Blocks <= 2.1.22 - Broken Access Control Vulnerability |
| CVE-2025-47486 | WordPress Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Broken Access Control Vulnerability |
| CVE-2025-47526 | WordPress GS Variation Swatches for WooCommerce <= 3.0.4 - Broken Access Control Vulnerability |
| CVE-2025-47527 | WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerabilit... |
| CVE-2025-47528 | WordPress Ovation Elements <= 1.1.2 - Broken Access Control Vulnerability |
| CVE-2025-47529 | WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability |
| CVE-2025-47534 | WordPress Wordpress Auto Spinner <= 3.25.0 - Broken Access Control Vulnerability |
| CVE-2025-47556 | WordPress CSS3 Compare Pricing Tables for WordPress <= 11.5 - Broken Access Control Vulnerability |
| CVE-2025-47628 | WordPress QS Dark Mode <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-47634 | WordPress WC Pickup Store <= 1.8.9 - Settings Change Vulnerability |
| CVE-2025-48444 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064 |
| CVE-2025-48998 | Dataease MYSQL JDBC File Reading Vulnerability |
| CVE-2025-49052 | WordPress Netease Music plugin <= 3.2.1 - Broken Access Control vulnerability |
| CVE-2025-47558 | WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability |
| CVE-2025-47560 | WordPress MapSVG plugin < 8.6.13 - Broken Access Control Vulnerability |
| CVE-2025-47563 | WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-47564 | WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2025-47565 | WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2025-48155 | WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability |
| CVE-2025-48166 | WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability |
| CVE-2025-48167 | WordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control Vulnerability |
| CVE-2025-48242 | WordPress Legal Pages <= 1.4.5 - Broken Access Control Vulnerability |
| CVE-2025-48246 | WordPress The Events Calendar <= 6.11.2.1 - Broken Access Control Vulnerability |
| CVE-2025-48247 | WordPress Shortlinks by Pretty Links <= 3.6.15 - Broken Access Control Vulnerability |
| CVE-2025-48257 | WordPress Projectopia <= 5.1.17 - Broken Access Control Vulnerability |
| CVE-2025-48260 | WordPress GDPR CCPA Compliance Support <= 2.7.3 - Broken Access Control Vulnerability |
| CVE-2025-48262 | WordPress Url Rewrite Analyzer <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-48268 | WordPress Bot for Telegram on WooCommerce <= 1.2.6 - Broken Access Control Vulnerability |
| CVE-2025-46489 | WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability |
| CVE-2025-46519 | WordPress Media Library Downloader <= 1.3.1 - Broken Access Control Vulnerability |
| CVE-2025-46535 | WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2025-46554 | XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API |
| CVE-2025-46557 | Any user with view access to the XWiki space can change the authenticator |
| CVE-2025-48326 | WordPress Acclectic Media Organizer Plugin <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-48327 | WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-48334 | WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-48335 | WordPress Responsive Plus plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2025-48337 | WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2025-48339 | WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-48346 | WordPress Embed and Integrate Etsy Shop <= 1.0.4 - Broken Access Control Vulnerability |
| CVE-2025-48350 | WordPress AutoWP plugin <= 2.2.2 - Broken Access Control vulnerability |
| CVE-2025-49268 | WordPress Verge3D <= 4.9.4 - Broken Access Control Vulnerability |
| CVE-2025-49270 | WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49272 | WordPress Trinity Audio <= 5.20.0 - Broken Access Control Vulnerability |
| CVE-2025-48108 | WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability |
| CVE-2025-48116 | WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability |
| CVE-2025-48117 | WordPress WooCommerce POS <= 1.7.8 - Broken Access Control Vulnerability |
| CVE-2025-48127 | WordPress Push notification for Mobile and Web app <= 2.0.3 - Broken Access Control Vulnerability |
| CVE-2025-48128 | WordPress Sharespine Woocommerce Connector <= 4.7.55 - Broken Access Control Vulnerability |
| CVE-2025-48133 | WordPress Uncanny Automator <= 6.4.0.2 - Broken Access Control Vulnerability |
| CVE-2025-48138 | WordPress BERTHA AI <= 1.12.11 - Broken Access Control Vulnerability |
| CVE-2025-48139 | WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability |
| CVE-2025-48147 | WordPress CryptoCloud - Crypto Payment Gateway <= 2.1.2 - Broken Access Control Vulnerability |
| CVE-2025-48150 | WordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control Vu... |
| CVE-2025-48731 | Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin |
| CVE-2025-48784 | Soar Cloud HRD Human Resource Management System - Missing Authorization |
| CVE-2025-4887 | SourceCodester Online Student Clearance System cross-site request forgery |
| CVE-2025-48878 | Combodo iTop vulnerable to IDOR with ModuleInstallation object |
| CVE-2025-48271 | WordPress Leadinfo <= 1.1 - Settings Change Vulnerability |
| CVE-2025-48272 | WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability |
| CVE-2025-48275 | WordPress Visual Header <= 1.3 - Broken Access Control Vulnerability |
| CVE-2025-48282 | WordPress Majestic Support <= 1.1.0 - Broken Access Control Vulnerability |
| CVE-2025-49181 | Configurations endpoint does not require authorization |
| CVE-2025-49221 | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin |
| CVE-2025-49234 | WordPress WP Dummy Content Generator plugin <= 3.4.6 - Arbitrary User Deletion vulnerability |
| CVE-2025-49236 | WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability |
| CVE-2025-49240 | WordPress DocsPress <= 2.5.2 - Broken Access Control Vulnerability |
| CVE-2025-49241 | WordPress oik <= 4.15.1 - Broken Access Control Vulnerability |
| CVE-2025-49246 | WordPress Testimonials Showcase <= 1.9.16 - Broken Access Control Vulnerability |
| CVE-2025-49248 | WordPress Team Showcase < 25.05.13 - Broken Access Control Vulnerability |
| CVE-2025-49265 | WordPress Membership For WooCommerce <= 2.8.1 - Broken Access Control Vulnerability |
| CVE-2025-49651 | Missing Authorization for Interactive Sessions |
| CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability |
| CVE-2025-49976 | WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability |
| CVE-2025-49979 | WordPress Media Hygiene plugin <= 4.0.1 - Broken Access Control Vulnerability |
| CVE-2025-49980 | WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-49981 | WordPress User Roles and Capabilities plugin <= 1.2.6 - Broken Access Control Vulnerability |
| CVE-2025-49982 | WordPress WP Customer Area plugin <= 8.2.5 - Broken Access Control Vulnerability |
| CVE-2025-49986 | WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability |
| CVE-2025-48916 | Bookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070 |
| CVE-2025-49406 | WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability |
| CVE-2025-49431 | WordPress MF Plus WPML <= 1.1 - Settings Change Vulnerability |
| CVE-2025-49432 | WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability |
| CVE-2025-49441 | WordPress Interactive Regional Map of Florida <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-49459 | Zoom Workplace for Windows on ARM - Missing Authorization |
| CVE-2025-49509 | WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2025-50171 | Remote Desktop Spoofing Vulnerability |
| CVE-2025-5018 | Hive Support <= 1.2.4 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_suppor... |
| CVE-2025-5033 | XiaoBingby TeaCMS addUser cross-site request forgery |
| CVE-2025-5117 | Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role... |
| CVE-2025-5121 | Missing Authorization in GitLab |
| CVE-2025-5132 | Tmall Demo logout cross-site request forgery |
| CVE-2025-5185 | Summer Pearl Group Vacation Rental Management Platform cross-site request forgery |
| CVE-2025-52554 | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows |
| CVE-2025-49747 | Azure Machine Learning Elevation of Privilege Vulnerability |
| CVE-2025-49829 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations |
| CVE-2025-49857 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49860 | WordPress Majestic Support plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-49864 | WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability |
| CVE-2025-49872 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49874 | WordPress Arconix FAQ plugin <= 1.9.6 - Broken Access Control Vulnerability |
| CVE-2025-49880 | WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-49884 | WordPress Internal Linking of Related Contents plugin <= 1.1.8 - Broken Access Control Vulnerability |
| CVE-2025-49888 | WordPress PW WooCommerce On Sale! plugin <= 1.39 - Broken Access Control Vulnerability |
| CVE-2025-49899 | WordPress Whydonate plugin <= 4.0.15 - Broken Access Control vulnerability |
| CVE-2025-49903 | WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-49906 | WordPress WPComplete plugin <= 2.9.5.3 - Broken Access Control vulnerability |
| CVE-2025-49907 | WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability |
| CVE-2025-49910 | WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-49913 | WordPress CoSchedule plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2025-49287 | WordPress Product Feed for WooCommerce <= 2.2.8 - Broken Access Control Vulnerability |
| CVE-2025-49288 | WordPress Ultimate WP Mail <= 1.3.5 - Broken Access Control Vulnerability |
| CVE-2025-49289 | WordPress PDF for WPForms <= 5.5.0 - Broken Access Control Vulnerability |
| CVE-2025-49293 | WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability |
| CVE-2025-49319 | WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability |
| CVE-2025-49320 | WordPress FraudLabs Pro for WooCommerce <= 2.22.11 - Broken Access Control Vulnerability |
| CVE-2025-49324 | WordPress Job Board Manager <= 2.1.60 - Broken Access Control Vulnerability |
| CVE-2025-49348 | WordPress Hype plugin <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2025-49350 | WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-49376 | WordPress DELUCKS SEO plugin <= 2.5.9 - Broken Access Control vulnerability |
| CVE-2025-49377 | WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2025-49394 | WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnera... |
| CVE-2025-49396 | WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability |
| CVE-2025-49402 | WordPress Houzez CRM Plugin <= 1.4.7 - Broken Access Control Vulnerability |
| CVE-2025-52775 | WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-52785 | WordPress SMM API Plugin <= 6.0.30 - Broken Access Control Vulnerability |
| CVE-2025-49987 | WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability |
| CVE-2025-49988 | WordPress Contact Form 7 AWeber Extension plugin <= 0.1.38 - Broken Access Control Vulnerability |
| CVE-2025-49989 | WordPress App Builder plugin <= 5.5.3 - Broken Access Control Vulnerability |
| CVE-2025-49990 | WordPress ContentStudio plugin <= 1.3.4 - Broken Access Control Vulnerability |
| CVE-2025-49991 | WordPress WP-Recall plugin <= 16.26.14 - Broken Access Control Vulnerability |
| CVE-2025-52721 | WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability |
| CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerabil... |
| CVE-2025-52738 | WordPress Wikipedia Preview Plugin <= 1.15.0 - Broken Access Control Vulnerability |
| CVE-2025-52757 | WordPress SUMO Memberships for WooCommerce plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-52950 | Juniper Security Director: Insufficient authorization for multiple endpoints in web interface |
| CVE-2025-52954 | Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromisi... |
| CVE-2025-5304 | PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add... |
| CVE-2025-53108 | HomeBox Missing User Authorization |
| CVE-2025-53111 | GLPI exposes data to non-allowed users |
| CVE-2025-53112 | GLPI's incomprehensive permission checks can lead to data removal from allowed users |
| CVE-2025-53113 | GLPI technicians can access unauthorized information through external links |
| CVE-2025-5315 | Missing Authorization in GitLab |
| CVE-2025-5317 | Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac |
| CVE-2025-53200 | WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability |
| CVE-2025-53214 | WordPress Sertifier Certificate & Badge Maker plugin <= 1.21 - Broken Access Control Vulnerability |
| CVE-2025-49916 | WordPress MultiVendorX plugin <= 4.2.23 - Broken Access Control vulnerability |
| CVE-2025-49920 | WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability |
| CVE-2025-49922 | WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2025-49925 | WordPress WPLMS plugin <= 1.9.9.7 - Broken Access Control vulnerability |
| CVE-2025-49937 | WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability |
| CVE-2025-49949 | WordPress Templazee plugin <= 1.0.2 - Broken Access Control Vulnerability |
| CVE-2025-49950 | WordPress Official Integration for Billingo Plugin <= 4.2.5 - Privilege Escalation Vulnerability |
| CVE-2025-49961 | WordPress Breeze Checkout plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-49969 | WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability |
| CVE-2025-49970 | WordPress Hello FSE Blog theme <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-49971 | WordPress eDS Responsive Menu plugin <= 1.2 - Broken Access Control Vulnerability |
| CVE-2025-49973 | WordPress Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes plugin <= 1.0.9 - Broken Access Control Vuln... |
| CVE-2025-49974 | WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability |
| CVE-2025-53266 | WordPress Cron Logger plugin <= 1.3.0 - Broken Access Control Vulnerability |
| CVE-2025-53284 | WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability |
| CVE-2025-49993 | WordPress Cookie-Script.com plugin <= 1.2.1 - Broken Access Control Vulnerability |
| CVE-2025-49996 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Broken Access Control Vulnerability |
| CVE-2025-49997 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.17 - Broken Access Control Vulnerability |
| CVE-2025-49998 | WordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control Vulnerability |
| CVE-2025-52800 | WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-52801 | WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability |
| CVE-2025-52802 | WordPress Import YouTube videos as WP Posts plugin <= 2.1 - Broken Access Control Vulnerability |
| CVE-2025-52803 | WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-52804 | WordPress Nuss theme <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-52813 | WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability |
| CVE-2025-52817 | WordPress Abandoned Contact Form 7 plugin <= 2.0 - Broken Access Control Vulnerability |
| CVE-2025-52818 | WordPress Trusty Whistleblowing plugin <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-5282 | WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2025-52824 | WordPress Mobile DJ Manager plugin <= 1.7.6 - Privilege Escalation Vulnerability |
| CVE-2025-5288 | REST API | Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthent... |
| CVE-2025-53421 | WordPress Accordion plugin <= 2.3.14 - Broken Access Control vulnerability |
| CVE-2025-53424 | WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - Broken Access Control vulnerability |
| CVE-2025-53452 | WordPress Event Rocket Plugin <= 3.3 - Broken Access Control Vulnerability |
| CVE-2025-53221 | WordPress CodeablePress Plugin <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-53230 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Broken Access Control Vulnerability |
| CVE-2025-53236 | WordPress UDesign Core plugin <= 4.14.0 - Broken Access Control vulnerability |
| CVE-2025-53246 | WordPress Backup and Move Plugin <= 0.1 - Broken Access Control Vulnerability |
| CVE-2025-53255 | WordPress HurryTimer plugin <= 2.13.1 - Broken Access Control Vulnerability |
| CVE-2025-53571 | WordPress HAPPY Plugin <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-53640 | Indico vulnerable to user enumeration via API endpoint |
| CVE-2025-53825 | Dokploy's Preview Deployments are vulnerable to Remote Code Execution |
| CVE-2025-53857 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin |
| CVE-2025-53910 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin |
| CVE-2025-5394 | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Up... |
| CVE-2025-53986 | WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability |
| CVE-2025-53997 | WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability |
| CVE-2025-54004 | WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.21 - Broken Access Control vulnerability |
| CVE-2025-54005 | WordPress SKT Page Builder plugin <= 4.9 - Broken Access Control vulnerability |
| CVE-2025-54011 | WordPress SMTP2GO plugin <= 1.12.1 - Broken Access Control Vulnerability |
| CVE-2025-54018 | WordPress CM Pop-Up banners plugin <= 1.8.4 - Broken Access Control Vulnerability |
| CVE-2025-50008 | WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5... |
| CVE-2025-50009 | WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability |
| CVE-2025-53485 | SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes |
| CVE-2025-53495 | Unauthorized Disclosure of IP Reputation in AbuseFilter |
| CVE-2025-53499 | Unauthorized Inspection of Protected Variables in AbuseFilter |
| CVE-2025-54705 | WordPress WpEvently Plugin plugin <= 4.4.6 - Broken Access Control Vulnerability |
| CVE-2025-54710 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability |
| CVE-2025-54711 | WordPress Info Cards Plugin <= 1.0.11 - Broken Access Control Vulnerability |
| CVE-2025-54712 | WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability |
| CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability |
| CVE-2025-54717 | WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability |
| CVE-2025-54730 | WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability |
| CVE-2025-54733 | WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability |
| CVE-2025-54734 | WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability |
| CVE-2025-54739 | WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability |
| CVE-2025-54741 | WordPress Super Blank Plugin <= 1.2.0 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-54743 | WordPress Download After Email Plugin 2.1.5-2.1.6 - Other Vulnerability Type Vulnerability |
| CVE-2025-54744 | WordPress MasterStudy LMS Plugin <= 3.6.15 - Broken Access Control Vulnerability |
| CVE-2025-50010 | WordPress Zapier for WordPress plugin <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-50028 | WordPress Ultimate Push Notifications plugin <= 1.1.9 - Broken Access Control Vulnerability |
| CVE-2025-54025 | WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability |
| CVE-2025-54037 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability |
| CVE-2025-54040 | WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability |
| CVE-2025-54045 | WordPress CM On Demand Search And Replace plugin <= 1.5.4 - Broken Access Control vulnerability |
| CVE-2025-54047 | WordPress Cost Calculator plugin <= 7.4 - Broken Access Control Vulnerability |
| CVE-2025-5410 | Mist Community Edition middleware.py session_start_response cross-site request forgery |
| CVE-2025-54159 | Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers t... |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks |
| CVE-2025-54458 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin |
| CVE-2025-54679 | WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-54692 | WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability |
| CVE-2025-54695 | WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability |
| CVE-2025-54943 | SUNNET Corporate Training Management System - Missing Authorization |
| CVE-2025-55038 | AutomationDirect CLICK PLUS Missing Authorization |
| CVE-2025-55141 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-55142 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-50029 | WordPress AI Tools <= 4.0.7 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-55144 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-55145 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-55148 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-5521 | WuKongOpenSource WukongCRM updataPassword cross-site request forgery |
| CVE-2025-5692 | Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions |
| CVE-2025-5701 | HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-5732 | code-projects Traffic Offense Reporting System cross-site request forgery |
| CVE-2025-57884 | WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability |
| CVE-2025-57894 | WordPress WPPizza Plugin <= 3.19.8 - Broken Access Control Vulnerability |
| CVE-2025-57896 | WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability |
| CVE-2025-57899 | WordPress WP Compress Plugin <= 6.50.54 - Broken Access Control Vulnerability |
| CVE-2025-57907 | WordPress Heureka Plugin <= 1.1.0 - Broken Access Control Vulnerability |
| CVE-2025-57909 | WordPress Editor Custom Color Palette Plugin <= 3.4.8 - Broken Access Control Vulnerability |
| CVE-2025-57917 | WordPress Printcart Web to Print Product Designer for WooCommerce Plugin <= 2.4.3 - Broken Access Control Vulnerability |
| CVE-2025-57921 | WordPress Frontend File Manager Plugin <= 23.2 - Broken Access Control Vulnerability |
| CVE-2025-54745 | WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability |
| CVE-2025-54751 | WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability |
| CVE-2025-5483 | LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation |
| CVE-2025-5486 | WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset |
| CVE-2025-55712 | WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 6.3.13 - Broken Access Control Vulnerability |
| CVE-2025-55716 | WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability |
| CVE-2025-55734 | flaskBlo Authorization Bypass |
| CVE-2025-55741 | unopim/unopim allows unauthorized product deletion via mass-delete endpoint |
| CVE-2025-5766 | code-projects Laundry System cross-site request forgery |
| CVE-2025-57817 | Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation |
| CVE-2025-57958 | WordPress WowAddons Plugin <= 1.0.17 - Broken Access Control Vulnerability |
| CVE-2025-57961 | WordPress CoDesigner Plugin <= 4.25.2 - Broken Access Control Vulnerability |
| CVE-2025-57969 | WordPress Hide WP Toolbar Plugin <= 2.7 - Broken Access Control Vulnerability |
| CVE-2025-57971 | WordPress SALESmanago Plugin <= 3.8.1 - Broken Access Control Vulnerability |
| CVE-2025-50031 | WordPress DB Backup <= 6.0 - Broken Access Control Vulnerability |
| CVE-2025-50032 | WordPress Paytiko for WooCommerce <= 1.3.14 - Broken Access Control Vulnerability |
| CVE-2025-50034 | WordPress Enhanced Blocks – Page Builder Blocks for Gutenberg plugin <= 1.4.1 - Broken Access Control Vulnerability |
| CVE-2025-50039 | WordPress VG WORT METIS <= 2.0.0 - Broken Access Control Vulnerability |
| CVE-2025-53288 | WordPress PlatiOnline Payments plugin <= 6.3.2 - Broken Access Control Vulnerability |
| CVE-2025-53291 | WordPress Spreadconnect plugin <= 2.1.5 - Broken Access Control Vulnerability |
| CVE-2025-53293 | WordPress Dashboard Widget Sidebar plugin <= 1.2.3 - Broken Access Control Vulnerability |
| CVE-2025-53295 | WordPress iCount Payment Gateway plugin <= 2.0.6 - Broken Access Control Vulnerability |
| CVE-2025-53304 | WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability |
| CVE-2025-53318 | WordPress WP DB Booster plugin <= 1.0.1 - Broken Access Control Vulnerability |
| CVE-2025-53323 | WordPress Pre-Publish Post Checklist plugin <= 3.1 - Broken Access Control Vulnerability |
| CVE-2025-53337 | WordPress LifePress Plugin <= 2.1.3 - Broken Access Control Vulnerability |
| CVE-2025-53340 | WordPress Awesome Support Plugin <= 6.3.4 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53341 | WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability |
| CVE-2025-53343 | WordPress Modernize Theme <= 3.4.0 - Broken Access Control Vulnerability |
| CVE-2025-53348 | WordPress Kalium Theme <= 3.18.3 - Broken Access Control Vulnerability |
| CVE-2025-53374 | Dokploy Improperly Discloses User Information via user.one Endpoint |
| CVE-2025-5846 | Missing Authorization in GitLab |
| CVE-2025-58650 | WordPress All In One SEO Pack Plugin <= 4.8.7 - Broken Access Control Vulnerability |
| CVE-2025-58660 | WordPress Oshine Core Plugin <= 1.5.5 - Broken Access Control Vulnerability |
| CVE-2025-58663 | WordPress Qubely Plugin <= 1.8.14 - Broken Access Control Vulnerability |
| CVE-2025-58664 | WordPress Text To Speech TTS Accessibility Plugin <= 1.9.20 - Broken Access Control Vulnerability |
| CVE-2025-58666 | WordPress Website Chat Button: Kommo integration Plugin <= 1.3.1 - Broken Access Control Vulnerability |
| CVE-2025-58667 | WordPress ListingPro Reviews Plugin <= 1.6 - Broken Access Control Vulnerability |
| CVE-2025-58668 | WordPress WPLMS Theme <= 4.970 - Broken Access Control Vulnerability |
| CVE-2025-58672 | WordPress WP User Frontend Plugin <= 4.1.11 - Broken Access Control Vulnerability |
| CVE-2025-58678 | WordPress Accordion Plugin <= 2.3.14 - Broken Access Control Vulnerability |
| CVE-2025-58679 | WordPress AppMySite Plugin <= 3.14.0 - Broken Access Control Vulnerability |
| CVE-2025-58680 | WordPress Gutentor Plugin <= 3.5.2 - Broken Access Control Vulnerability |
| CVE-2025-58681 | WordPress Easy Quotes Plugin <= 1.2.4 - Broken Access Control Vulnerability |
| CVE-2025-58685 | WordPress Cecabank WooCommerce Plugin Plugin <= 0.3.4 - Broken Access Control Vulnerability |
| CVE-2025-58711 | WordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerability |
| CVE-2025-58753 | copyparty: Sharing a single file does not fully restrict access to other files in source folder |
| CVE-2025-58783 | WordPress Gutentor Plugin <= 3.5.1 - Broken Access Control Vulnerability |
| CVE-2025-58785 | WordPress Ray Enterprise Translation Plugin <= 1.7.1 - Broken Access Control Vulnerability |
| CVE-2025-58795 | WordPress Payoneer Checkout Plugin <= 3.4.0 - Content Spoofing Vulnerability |
| CVE-2025-58813 | WordPress Consultstreet Theme <= 3.0.0 - Broken Access Control Vulnerability |
| CVE-2025-58816 | WordPress Product Carousel Slider for Elementor Plugin <= 2.1.3 - Broken Access Control Vulnerability |
| CVE-2025-58817 | WordPress SoftMe Theme <= 1.1.24 - Broken Access Control Vulnerability |
| CVE-2025-58824 | WordPress Shk Corporate Theme <= 2.4.1.1 - Broken Access Control Vulnerability |
| CVE-2025-57972 | WordPress Helpdesk Support Ticket System for WooCommerce Plugin <= 2.0.2 - Broken Access Control Vulnerability |
| CVE-2025-57975 | WordPress Team Plugin <= 5.0.6 - Broken Access Control Vulnerability |
| CVE-2025-57976 | WordPress CardCom Payment Gateway Plugin <= 3.5.0.4 - Broken Access Control Vulnerability |
| CVE-2025-57985 | WordPress Ultimate Watermark Plugin <= 1.1 - Broken Access Control Vulnerability |
| CVE-2025-57987 | WordPress WP Events Manager Plugin <= 2.2.1 - Broken Access Control Vulnerability |
| CVE-2025-57990 | WordPress Blog Designer Plugin <= 3.1.8 - Broken Access Control Vulnerability |
| CVE-2025-57991 | WordPress Clariti Plugin <= 1.2.1 - Broken Access Control Vulnerability |
| CVE-2025-57995 | WordPress DethemeKit For Elementor Plugin <= 2.1.10 - Broken Access Control Vulnerability |
| CVE-2025-57997 | WordPress Trustpilot Reviews Plugin <= 2.5.925 - Broken Access Control Vulnerability |
| CVE-2025-58000 | WordPress Memberful Plugin <= 1.75.0 - Broken Access Control Vulnerability |
| CVE-2025-58003 | WordPress Javo Core Plugin <= 3.0.0.266 - Broken Access Control Vulnerability |
| CVE-2025-58004 | WordPress DriCub Theme <= 2.9 - Broken Access Control Vulnerability |
| CVE-2025-58009 | WordPress CP Multi View Event Calendar Plugin <= 1.4.32 - Broken Access Control Vulnerability |
| CVE-2025-58016 | WordPress CF7 Submissions Plugin <= 0.26 - Broken Access Control Vulnerability |
| CVE-2025-57936 | WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability |
| CVE-2025-57939 | WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control Vulnerability |
| CVE-2025-57944 | WordPress Skimlinks Affiliate Marketing Tool Plugin <= 1.3 - Broken Access Control Vulnerability |
| CVE-2025-57949 | WordPress Ongkoskirim.id Plugin <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-57955 | WordPress Post Carousel Slider for Elementor Plugin <= 1.7.0 - Broken Access Control Vulnerability |
| CVE-2025-57957 | WordPress WooMS Plugin <= 9.12 - Broken Access Control Vulnerability |
| CVE-2025-5814 | Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via S... |
| CVE-2025-5815 | Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-5816 | Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenti... |
| CVE-2025-58192 | WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability |
| CVE-2025-58193 | WordPress Uncanny Automator Plugin <= 6.7.0.1 - Broken Access Control Vulnerability |
| CVE-2025-58198 | WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability |
| CVE-2025-58201 | WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability |
| CVE-2025-58207 | WordPress Ai Image Alt Text Generator for WP Plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-58210 | WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability |
| CVE-2025-58221 | WordPress PilotPress Plugin <= 2.0.35 - Broken Access Control Vulnerability |
| CVE-2025-58222 | WordPress Team Manager Plugin <= 2.3.14 - Broken Access Control Vulnerability |
| CVE-2025-58243 | WordPress imEvent Theme <= 3.4.0 - Broken Access Control Vulnerability |
| CVE-2025-58247 | WordPress TI WooCommerce Wishlist Plugin <= 2.10.0 - Broken Access Control Vulnerability |
| CVE-2025-58251 | WordPress Sticky Header Effects for Elementor Plugin <= 2.1.2 - Broken Access Control Vulnerability |
| CVE-2025-58258 | WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-5835 | Droip <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Many Actions |
| CVE-2025-5885 | Konica Minolta bizhub cross-site request forgery |
| CVE-2025-58877 | WordPress Javo Core plugin <= 3.0.0.529 - Arbitrary Content Deletion vulnerability |
| CVE-2025-5888 | jsnjfz WebStack-Guns cross-site request forgery |
| CVE-2025-58919 | WordPress Wide Banner plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-58938 | WordPress IDonatePro plugin <= 2.1.9 - Broken Access Control vulnerability |
| CVE-2025-5894 | Honding Technology Smart Parking Management System - Missing Authorization |
| CVE-2025-58957 | WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability |
| CVE-2025-58968 | WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability |
| CVE-2025-5919 | Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking... |
| CVE-2025-59353 | Manager generates mTLS certificates for arbitrary IP addresses |
| CVE-2025-59413 | CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter |
| CVE-2025-59416 | The Scratch Channel forks can publish articles |
| CVE-2025-59461 | API does not require authentication |
| CVE-2025-5953 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_... |
| CVE-2025-59551 | WordPress Revive.so Plugin <= 2.0.6 - Broken Access Control Vulnerability |
| CVE-2025-58594 | WordPress Brizy Plugin <= 2.7.12 - Broken Access Control Vulnerability |
| CVE-2025-58599 | WordPress Order Delivery Date for WooCommerce Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-58600 | WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability |
| CVE-2025-58601 | WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability |
| CVE-2025-58603 | WordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control Vulnerability |
| CVE-2025-58606 | WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability |
| CVE-2025-58613 | WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability |
| CVE-2025-58616 | WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability |
| CVE-2025-58617 | WordPress F4 Media Taxonomies Plugin <= 1.1.4 - Broken Access Control Vulnerability |
| CVE-2025-58622 | WordPress Mobile Contact Line Plugin <= 2.4.0 - Broken Access Control Vulnerability |
| CVE-2025-58629 | WordPress Miraculous theme < 2.0.9 - Arbitrary Content Deletion vulnerability |
| CVE-2025-58634 | WordPress PeachPay Payments Plugin <= 1.117.4 - Broken Access Control Vulnerability |
| CVE-2025-58635 | WordPress Support Genix Plugin <= 1.4.23 - Broken Access Control Vulnerability |
| CVE-2025-58639 | WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-59576 | WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability |
| CVE-2025-59581 | WordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-59559 | WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability |
| CVE-2025-58029 | WordPress Classic Widgets with Block-based Widgets Plugin <= 1.0.1 - Broken Access Control Vulnerability |
| CVE-2025-5803 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.2 - Broken Access Control vulnerability |
| CVE-2025-5805 | WordPress Electron theme <= 1.8.2 - Broken Access Control vulnerability |
| CVE-2025-58073 | Arbitrary Mattermost Team can be joined by manipulating the OAuth state |
| CVE-2025-58075 | Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState |
| CVE-2025-5811 | Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion |
| CVE-2025-5812 | VG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update |
| CVE-2025-5813 | Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation |
| CVE-2025-59826 | FlagForgeCTF Vulnerable to Unauthorized Problem Creation |
| CVE-2025-59827 | FlagForgeCTF is Missing Authorization in main-v2 |
| CVE-2025-59828 | Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions |
| CVE-2025-60045 | WordPress IDonatePro plugin <= 2.1.11 - Broken Access Control vulnerability |
| CVE-2025-60077 | WordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-60079 | WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability |
| CVE-2025-60086 | WordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerability |
| CVE-2025-58969 | WordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control Vulnerability |
| CVE-2025-58976 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability |
| CVE-2025-58978 | WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability |
| CVE-2025-58979 | WordPress BerqWP Plugin <= 2.2.53 - Broken Access Control Vulnerability |
| CVE-2025-58980 | WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-58981 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability |
| CVE-2025-58986 | WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability |
| CVE-2025-5900 | Tenda AC9 cross-site request forgery |
| CVE-2025-59001 | WordPress Salient Core plugin <= 3.0.8 - Broken Access Control vulnerability |
| CVE-2025-59005 | WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability |
| CVE-2025-59011 | WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-59017 | Broken Access Control in Backend AJAX Routes |
| CVE-2025-59021 | TYPO3 CMS Allows Broken Access Control in Redirects Module |
| CVE-2025-59022 | TYPO3 CMS Allows Broken Access Control in Recycler Module |
| CVE-2025-62027 | WordPress Event Tickets plugin <= 5.26.3 - Broken Access Control vulnerability |
| CVE-2025-5956 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via... |
| CVE-2025-59591 | WordPress wpDiscuz Plugin <= 7.6.33 - Broken Access Control Vulnerability |
| CVE-2025-60247 | WordPress Bux Woocommerce plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2025-6043 | Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Authenticated (Subscriber+) Arbitrary File Delet... |
| CVE-2025-6105 | jflyfox jfinal_cms HOME.java cross-site request forgery |
| CVE-2025-6106 | WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery |
| CVE-2025-6171 | Missing Authorization in GitLab |
| CVE-2025-6187 | bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint |
| CVE-2025-6190 | Realty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profil... |
| CVE-2025-62006 | WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability |
| CVE-2025-62013 | WordPress UiChemy plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2025-62017 | WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability |
| CVE-2025-62018 | WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability |
| CVE-2025-62019 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.8 - Broken Access Control vulnerability |
| CVE-2025-62021 | WordPress Acknowledgify plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-62022 | WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability |
| CVE-2025-62247 | Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2... |
| CVE-2025-62256 | Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA thro... |
| CVE-2025-59561 | WordPress Smart Blocks Plugin <= 2.4 - Broken Access Control Vulnerability |
| CVE-2025-59567 | WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability |
| CVE-2025-5957 | Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Tic... |
| CVE-2025-62736 | WordPress Image Cleanup plugin <= 1.9.2 - Broken Access Control vulnerability |
| CVE-2025-62738 | WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2025-62740 | WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-62747 | WordPress Featured Image Generator plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2025-62751 | WordPress Vireo theme <= 1.0.24 - Broken Access Control vulnerability |
| CVE-2025-62293 | Broken Access Control in SOPlanning |
| CVE-2025-6253 | UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read |
| CVE-2025-62614 | BookLore Media API Authentication Bypass |
| CVE-2025-62642 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup AP... |
| CVE-2025-62712 | JumpServer Connection Token Leak Vulnerability |
| CVE-2025-62714 | Karmada Dashboard API Unauthorized Access Vulnerability |
| CVE-2025-62914 | WordPress Effect Maker plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-62915 | WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-62916 | WordPress Flights & Hotels Booking WP Plugin plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2025-62918 | WordPress IgnitionDeck plugin <= 2.0.10 - Broken Access Control vulnerability |
| CVE-2025-62919 | WordPress TS Demo Importer plugin <= 0.1.2 - Broken Access Control vulnerability |
| CVE-2025-62922 | WordPress Export Categories plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-62924 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability |
| CVE-2025-62925 | WordPress Conversios.io plugin <= 7.2.10 - Broken Access Control vulnerability |
| CVE-2025-62754 | WordPress Payment Gateway bKash for WC plugin <= 3.1.0 - Broken Access Control vulnerability |
| CVE-2025-62755 | WordPress GS Portfolio for Envato plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2025-6284 | PHPGurukul Car Rental Portal cross-site request forgery |
| CVE-2025-62865 | WordPress Post Cloner plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2025-62867 | WordPress Ergonet Cache plugin <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-62869 | WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability |
| CVE-2025-62870 | WordPress Eupago Gateway For Woocommerce plugin <= 4.6.3 - Broken Access Control vulnerability |
| CVE-2025-62874 | WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability |
| CVE-2025-62881 | WordPress WP-Lister Lite for eBay plugin <= 3.8.3 - Broken Access Control vulnerability |
| CVE-2025-62882 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability |
| CVE-2025-62883 | WordPress Premmerce User Roles plugin <= 1.0.13 - Broken Access Control vulnerability |
| CVE-2025-62884 | WordPress Coupon Affiliates plugin <= 7.0.3 - Broken Access Control vulnerability |
| CVE-2025-62888 | WordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerability |
| CVE-2025-62889 | WordPress King Addons for Elementor plugin <= 51.1.37 - Broken Access Control vulnerability |
| CVE-2025-62892 | WordPress Sunshine Photo Cart plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-62906 | WordPress Referral Link Tracker plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-62908 | Без описания... |
| CVE-2025-62909 | WordPress Smart WeTransfer plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-63034 | WordPress Page View Count plugin <= 2.8.7 - Settings Change vulnerability |
| CVE-2025-62028 | WordPress Salient theme < 17.4.0 - Broken Access Control vulnerability |
| CVE-2025-62033 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62037 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62046 | WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-62048 | WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability |
| CVE-2025-62049 | WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability |
| CVE-2025-6205 | Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 |
| CVE-2025-62052 | WordPress One Page Express Companion plugin <= 1.6.43 - Broken Access Control vulnerability |
| CVE-2025-62070 | WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability |
| CVE-2025-62071 | WordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vulnerability |
| CVE-2025-62072 | WordPress Front End Users plugin <= 3.2.33 - Broken Access Control vulnerability |
| CVE-2025-62073 | WordPress MeetingHub plugin <= 1.23.9 - Broken Access Control vulnerability |
| CVE-2025-62078 | WordPress Easy Upload Files During Checkout plugin <= 3.0.0 - Broken Access Control vulnerability |
| CVE-2025-62079 | WordPress WP Export Categories & Taxonomies plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2025-62081 | WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-62085 | WordPress BERTHA AI plugin <= 1.13 - Broken Access Control vulnerability |
| CVE-2025-62086 | WordPress Яндекс Доставка (Boxberry) plugin <= 2.32 - Broken Access Control vulnerability |
| CVE-2025-62087 | WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-62090 | WordPress Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons plugin <= 3.0.2 - Broken Access Control vulne... |
| CVE-2025-62091 | WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerability |
| CVE-2025-62092 | WordPress Wiremo plugin <= 1.4.99 - Broken Access Control vulnerability |
| CVE-2025-62098 | WordPress Portfolio Gallery plugin <= 1.4.8 - Broken Access Control vulnerability |
| CVE-2025-62099 | WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability |
| CVE-2025-62100 | WordPress ThemeRain Core plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2025-62106 | WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-62108 | WordPress Add Custom Codes plugin <= 4.80 - Broken Access Control vulnerability |
| CVE-2025-62115 | WordPress Hide Plugins plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62116 | WordPress AI Copilot plugin <= 1.4.7 - Broken Access Control vulnerability |
| CVE-2025-62122 | WordPress Trash Duplicate and 301 Redirect plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-62128 | WordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerability |
| CVE-2025-62129 | WordPress RestroPress plugin <= 3.2.4.2 - Broken Access Control vulnerability |
| CVE-2025-62130 | WordPress Accordion Slider Gallery plugin <= 2.7 - Broken Access Control vulnerability |
| CVE-2025-63038 | WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability |
| CVE-2025-63039 | WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-63047 | WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-62927 | WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability |
| CVE-2025-62928 | WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2025-62929 | WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2025-62931 | WordPress MSN Partner Hub plugin <= 2.8.7 - Broken Access Control vulnerability |
| CVE-2025-62932 | WordPress Table Block by RioVizual plugin <= 2.3.2 - Broken Access Control vulnerability |
| CVE-2025-62935 | WordPress Open Close WooCommerce Store plugin <= 4.9.8 - Broken Access Control vulnerability |
| CVE-2025-62938 | WordPress Reoon Email Verifier plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2025-62944 | WordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-62946 | WordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2025-62952 | WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2025-62953 | WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability |
| CVE-2025-62954 | WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability |
| CVE-2025-62960 | WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2025-62961 | WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-62964 | WordPress MDTF plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2025-62965 | WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2025-63049 | WordPress ListingPro Lead Form plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-63054 | WordPress Quiz And Survey Master plugin <= 10.3.1 - Broken Access Control vulnerability |
| CVE-2025-63056 | WordPress Contact Form by BestWebSoft plugin <= 4.3.5 - Broken Access Control vulnerability |
| CVE-2025-63063 | WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-63067 | WordPress Porto Theme - Functionality plugin <= 3.6.2 - Broken Access Control vulnerability |
| CVE-2025-63069 | WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability |
| CVE-2025-63077 | WordPress Happy Addons for Elementor plugin <= 3.20.2 - Broken Access Control vulnerability |
| CVE-2025-6341 | code-projects School Fees Payment System cross-site request forgery |
| CVE-2025-6380 | ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function |
| CVE-2025-64171 | MARIN3R: Cross-Namespace Vulnerability in the Operator |
| CVE-2025-62131 | WordPress Tasty Recipes Lite plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-62132 | WordPress Tasty Recipes Lite plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-62138 | WordPress WP Advanced PDF plugin <= 1.1.7 - Other vulnerability Type vulnerability |
| CVE-2025-62141 | WordPress Wawp plugin <= 4.0.5 - Broken Access Control vulnerability |
| CVE-2025-62144 | WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.27 - Broken Access Control vulnerability |
| CVE-2025-62145 | WordPress DMCA Protection Badge plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-62147 | WordPress Realbig plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-6215 | Omnishop <= 1.0.9 - Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST Endpoint |
| CVE-2025-62150 | WordPress History Timeline plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-62151 | WordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerability |
| CVE-2025-62152 | WordPress ConveyThis plugin <= 268.10 - Broken Access Control vulnerability |
| CVE-2025-62153 | WordPress Quick Interest Slider plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2025-62154 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One plugin <= 1.1.7 - Broken Access... |
| CVE-2025-64323 | kgateway is missing xDS authorization |
| CVE-2025-64179 | lakeFS: Unauthenticated access to API usage metrics |
| CVE-2025-64192 | WordPress XStore theme < 9.6 - Broken Access Control vulnerability |
| CVE-2025-64199 | WordPress wpresidence theme <= 5.3.2 - Broken Access Control vulnerability |
| CVE-2025-64209 | WordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerability |
| CVE-2025-64210 | WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-64211 | WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-64212 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability |
| CVE-2025-64214 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64219 | WordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerability |
| CVE-2025-64222 | WordPress WooCommerce Recover Abandoned Cart plugin <= 24.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64229 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - Broken Access Control vulnerability |
| CVE-2025-64234 | WordPress Evergreen Content Poster plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2025-64238 | WordPress WPS Bidouille plugin <= 1.33.1 - Broken Access Control vulnerability |
| CVE-2025-64241 | WordPress WP Coupons and Deals plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2025-64242 | WordPress Easy Property Listings plugin <= 3.5.15 - Broken Access Control vulnerability |
| CVE-2025-64243 | WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability |
| CVE-2025-64244 | WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability |
| CVE-2025-64245 | WordPress Import external attachments plugin <= 1.5.12 - Broken Access Control vulnerability |
| CVE-2025-64246 | WordPress Accessibility by AudioEye plugin <= 1.0.49 - Broken Access Control vulnerability |
| CVE-2025-64247 | WordPress Read More & Accordion plugin <= 3.5.4.1 - Broken Access Control vulnerability |
| CVE-2025-64248 | WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-64249 | WordPress Protect WP Admin plugin <= 4.1 - Broken Access Control vulnerability |
| CVE-2025-64251 | WordPress Ultimate Learning Pro plugin <= 3.9.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64254 | WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2025-64255 | WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability |
| CVE-2025-64257 | WordPress My Tickets plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2025-64259 | WordPress Theater for WordPress plugin <= 0.18.8 - Broken Access Control vulnerability |
| CVE-2025-64261 | WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability |
| CVE-2025-64263 | WordPress WP Content Pilot plugin <= 2.1.7 - Broken Access Control vulnerability |
| CVE-2025-64265 | WordPress Frontend File Manager plugin <= 23.2 - Broken Access Control vulnerability |
| CVE-2025-62966 | WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability |
| CVE-2025-62970 | WordPress Link Whisper Free plugin <= 0.8.8 - Broken Access Control vulnerability |
| CVE-2025-62972 | WordPress WebinarPress plugin <= 1.33.28 - Broken Access Control vulnerability |
| CVE-2025-62973 | WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2025-62976 | WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability |
| CVE-2025-62977 | WordPress 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2025-62978 | WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2025-62980 | WordPress Persian Admnin Fonts plugin <= 4.1.03 - Broken Access Control vulnerability |
| CVE-2025-62993 | WordPress Notification for Telegram plugin <= 3.4.7 - Broken Access Control vulnerability |
| CVE-2025-62995 | WordPress MultiParcels Shipping For WooCommerce plugin <= 1.30.12 - Broken Access Control vulnerability |
| CVE-2025-62996 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability |
| CVE-2025-62999 | WordPress Litho Addons plugin <= 3.4 - Broken Access Control vulnerability |
| CVE-2025-63001 | WordPress Hotel Booking plugin <= 3.8 - Broken Access Control vulnerability |
| CVE-2025-63002 | WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability |
| CVE-2025-63004 | WordPress All in One Accessibility plugin <= 1.14 - Broken Access Control vulnerability |
| CVE-2025-63006 | WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability |
| CVE-2025-64268 | WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability |
| CVE-2025-64269 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.150 - Broken Access Control vulnerability |
| CVE-2025-64273 | WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2025-64274 | WordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerability |
| CVE-2025-64276 | WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability |
| CVE-2025-64277 | WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability |
| CVE-2025-64285 | WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2025-64294 | WordPress WP Snow Effect plugin <= 1.1.15 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-64296 | WordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-64520 | GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API |
| CVE-2025-64630 | WordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerability |
| CVE-2025-64631 | WordPress WCFM Marketplace plugin <= 3.6.15 - Broken Access Control vulnerability |
| CVE-2025-64632 | WordPress Google XML Sitemaps plugin <= 4.1.21 - Broken Access Control vulnerability |
| CVE-2025-64634 | WordPress Avada theme <= 7.13.1 - Broken Access Control vulnerability |
| CVE-2025-63008 | WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability |
| CVE-2025-63015 | WordPress WooCommerce Payment Gateway – Paysera plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2025-63016 | WordPress QuadLayers TikTok Feed plugin <= 4.6.4 - Broken Access Control vulnerability |
| CVE-2025-63018 | WordPress Bard theme <= 2.229 - Broken Access Control vulnerability |
| CVE-2025-63022 | WordPress Simple Like Page plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2025-63023 | WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.52 - Broken Access Control vulnerability |
| CVE-2025-63024 | WordPress Order Delivery Date for WooCommerce plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2025-63025 | WordPress Xagio SEO plugin <= 7.1.0.29 - Broken Access Control vulnerability |
| CVE-2025-63028 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2025-63031 | WordPress EasyTest plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-6476 | SourceCodester Gym Management System cross-site request forgery |
| CVE-2025-6478 | CodeAstro Expense Management System cross-site request forgery |
| CVE-2025-65020 | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) |
| CVE-2025-65021 | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) |
| CVE-2025-65028 | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes |
| CVE-2025-65029 | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants |
| CVE-2025-65036 | XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro |
| CVE-2025-65089 | XWiki view file macro: User can view content of office file without view rights on the attachment |
| CVE-2025-65098 | Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass |
| CVE-2025-65112 | PubNet Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing |
| CVE-2025-66402 | misskey.js's export data contains private post data |
| CVE-2025-66525 | WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability |
| CVE-2025-66526 | WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability |
| CVE-2025-66527 | WordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2025-66528 | WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability |
| CVE-2025-66530 | WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability |
| CVE-2025-66532 | WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability |
| CVE-2025-66534 | WordPress The Aisle theme <= 2.9 - Broken Access Control vulnerability |
| CVE-2025-6664 | CodeAstro Patient Record Management System cross-site request forgery |
| CVE-2025-6685 | ATEN eco DC Missing Authorization Privilege Escalation Vulnerability |
| CVE-2025-6718 | B1.lt for WooCommerce <= 2.2.56 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection |
| CVE-2025-64348 | ELOG configuration file authorization bypass |
| CVE-2025-64349 | ELOG user profile missing authorization |
| CVE-2025-64350 | WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability |
| CVE-2025-64352 | WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability |
| CVE-2025-64356 | WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2025-64358 | WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2025-64369 | WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability |
| CVE-2025-64370 | WordPress YOP Poll plugin <= 6.5.38 - Broken Access Control vulnerability |
| CVE-2025-64375 | WordPress WP Social Ninja plugin <= 3.20.1 - Broken Access Control vulnerability |
| CVE-2025-64378 | WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability |
| CVE-2025-64379 | WordPress Booster for WooCommerce plugin <= 7.4.0 - Broken Access Control vulnerability |
| CVE-2025-64382 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2025-64384 | WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-64401 | Apache OpenOffice: Remote documents loaded without prompt via IFrame |
| CVE-2025-64402 | Apache OpenOffice: Remote documents loaded without prompt via OLE objects |
| CVE-2025-64403 | Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc |
| CVE-2025-64404 | Apache OpenOffice: Remote documents loaded without prompt via background and bullet images |
| CVE-2025-64405 | Apache OpenOffice: Remote documents loaded without prompt via DDE function |
| CVE-2025-64407 | Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables |
| CVE-2025-6441 | Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition <= 4.03.31 - Una... |
| CVE-2025-66054 | WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability |
| CVE-2025-66058 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability |
| CVE-2025-66060 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability |
| CVE-2025-66063 | WordPress WP Google Review Slider plugin <= 17.4 - Broken Access Control vulnerability |
| CVE-2025-66065 | WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability |
| CVE-2025-66068 | WordPress InstaWP Connect plugin <= 0.1.1.9 - Broken Access Control vulnerability |
| CVE-2025-66069 | WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability |
| CVE-2025-66070 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability |
| CVE-2025-66071 | WordPress Custom Order Numbers for WooCommerce plugin <= 1.11.0 - Broken Access Control vulnerability |
| CVE-2025-66072 | WordPress UsersWP plugin <= 1.2.47 - Broken Access Control vulnerability |
| CVE-2025-66075 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability |
| CVE-2025-66077 | WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2025-64635 | WordPress Feeds for YouTube plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2025-64638 | WordPress OnPay.io for WooCommerce plugin <= 1.0.47 - Broken Access Control vulnerability |
| CVE-2025-64639 | WordPress WP Compress for MainWP plugin <= 6.50.07 - Broken Access Control vulnerability |
| CVE-2025-64729 | AVEVA Process Optimization Missing Authorization |
| CVE-2025-67559 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability |
| CVE-2025-60088 | WordPress WebinarIgnition plugin <= 4.06.04 - Broken Access Control vulnerability |
| CVE-2025-60094 | WordPress Stackable Plugin <= 3.18.1 - Broken Access Control Vulnerability |
| CVE-2025-60096 | WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability |
| CVE-2025-60097 | WordPress TheGem Theme <= 5.10.5 - Broken Access Control Vulnerability |
| CVE-2025-60098 | WordPress Theme My Login Plugin <= 7.1.12 - Broken Access Control Vulnerability |
| CVE-2025-60103 | WordPress ListingPro Plugin <= 2.9.8 - Broken Access Control Vulnerability |
| CVE-2025-60106 | WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-60116 | WordPress Grand Conference Theme Custom Post Type Plugin <= 2.6.3 - Broken Access Control Vulnerability |
| CVE-2025-60120 | WordPress WP Directory Kit Plugin <= 1.3.8 - Broken Access Control Vulnerability |
| CVE-2025-60121 | WordPress WooEvents Plugin <= 4.1.7 - Broken Access Control Vulnerability |
| CVE-2025-60122 | WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60123 | WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60127 | WordPress CopySafe Web Protection Plugin <= 4.3 - Broken Access Control Vulnerability |
| CVE-2025-60128 | WordPress Delisho Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-66079 | WordPress Gutenverse Form plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-66080 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability |
| CVE-2025-66082 | WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability |
| CVE-2025-66083 | WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability |
| CVE-2025-66084 | WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-66085 | WordPress Arconix Shortcodes plugin <= 2.1.18 - Broken Access Control vulnerability |
| CVE-2025-66086 | WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability |
| CVE-2025-66087 | WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability |
| CVE-2025-66088 | WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability |
| CVE-2025-66089 | WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2025-66096 | WordPress Table Block by Tableberg plugin <= 0.6.9 - Broken Access Control vulnerability |
| CVE-2025-66099 | WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability |
| CVE-2025-66100 | WordPress RestroPress plugin <= 3.2.3.5 - Broken Access Control vulnerability |
| CVE-2025-66101 | WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2025-66104 | WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.9.5 - Broken Access Control vulnerability |
| CVE-2025-66106 | WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability |
| CVE-2025-67560 | WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability |
| CVE-2025-67561 | WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2025-67562 | WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability |
| CVE-2025-66107 | WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66108 | WordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-66109 | WordPress Cart Weight for WooCommerce plugin <= 1.9.11 - Broken Access Control vulnerability |
| CVE-2025-66110 | WordPress Tiktok Feed plugin <= 1.0.22 - Broken Access Control vulnerability |
| CVE-2025-66112 | WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-66113 | WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability |
| CVE-2025-66114 | WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2025-66117 | WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2025-66120 | WordPress CatFolders plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-66121 | WordPress SiteGround Security plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2025-66122 | WordPress Stylish Price List plugin <= 7.2.2 - Broken Access Control vulnerability |
| CVE-2025-66124 | WordPress Leaky Paywall plugin <= 4.22.5 - Broken Access Control vulnerability |
| CVE-2025-66127 | WordPress Essential Real Estate plugin <= 5.2.2 - Broken Access Control vulnerability |
| CVE-2025-66128 | WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability |
| CVE-2025-66129 | WordPress Pochipp plugin <= 1.18.0 - Broken Access Control vulnerability |
| CVE-2025-66130 | WordPress WP Views Counter plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2025-66131 | WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.10 - Broken Access Control vulnerability |
| CVE-2025-66133 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability |
| CVE-2025-66134 | WordPress FileBird Pro plugin <= 6.4.9 - Broken Access Control vulnerability |
| CVE-2025-66135 | WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-66136 | WordPress Carter for Elementor plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-66137 | WordPress Searcher for Elementor plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2025-66138 | WordPress Motionger for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-66139 | WordPress Audier For Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66140 | WordPress Uper for Elementor plugin <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2025-66141 | WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2025-66142 | WordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-66143 | WordPress Crumber plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2025-66144 | WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2025-66145 | WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-66146 | WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66147 | WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability |
| CVE-2025-66148 | WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-66149 | WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability |
| CVE-2025-66150 | WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-66151 | WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-66152 | WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-66153 | WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-66154 | WordPress Couponer for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66155 | WordPress Questionar for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66156 | WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66157 | WordPress Slider for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2025-66158 | WordPress Gmaper for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66159 | WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-66160 | WordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerability |
| CVE-2025-6720 | Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing |
| CVE-2025-6721 | Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation |
| CVE-2025-6726 | Block Editor Gallery Slider <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update |
| CVE-2025-6730 | Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success |
| CVE-2025-67466 | WordPress Trinity Audio plugin <= 5.23.3 - Broken Access Control vulnerability |
| CVE-2025-67468 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken... |
| CVE-2025-67474 | WordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2025-6754 | SEO Metrics <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-67540 | WordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-67547 | WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability |
| CVE-2025-67548 | WordPress WP Delicious plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-67913 | WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-67917 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2025-67926 | WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability |
| CVE-2025-67929 | WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability |
| CVE-2025-67563 | WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability |
| CVE-2025-67566 | WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability |
| CVE-2025-67568 | WordPress Basel theme <= 5.9.1 - Broken Access Control vulnerability |
| CVE-2025-67569 | WordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerability |
| CVE-2025-67570 | WordPress WPForms Google Sheet Connector plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2025-66161 | WordPress Grider for Elementor plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-66162 | WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability |
| CVE-2025-66163 | WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-66164 | WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-66165 | WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66166 | WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66167 | WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-68270 | CourseLimitedStaff Role Allows Studio Access |
| CVE-2025-68479 | Discourse subscriptions are susceptible to takeover |
| CVE-2025-68498 | WordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerability |
| CVE-2025-68503 | WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability |
| CVE-2025-68505 | WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability |
| CVE-2025-68507 | WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability |
| CVE-2025-68508 | WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability |
| CVE-2025-68511 | WordPress Gutenverse Form plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2025-68517 | WordPress Tablesome plugin <= 1.1.35.1 - Broken Access Control vulnerability |
| CVE-2025-68521 | WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability |
| CVE-2025-68522 | WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability |
| CVE-2025-68523 | WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability |
| CVE-2025-68534 | WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability |
| CVE-2025-68535 | WordPress Sunshine Photo Cart plugin <= 3.5.7.1 - Broken Access Control vulnerability |
| CVE-2025-68542 | WordPress Checkout Gateway for IRIS plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-68547 | WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-68556 | WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-68557 | WordPress Chakra test plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-68558 | WordPress Depicter Slider plugin <= 4.0.4 - Broken Access Control vulnerability |
| CVE-2025-68564 | WordPress Sendy plugin <= 3.4.2 - Broken Access Control vulnerability |
| CVE-2025-68565 | WordPress Twitch Player plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2025-68568 | WordPress Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker p... |
| CVE-2025-68569 | WordPress WP Time Slots Booking Form plugin <= 1.2.38 - Broken Access Control vulnerability |
| CVE-2025-68571 | WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2025-68572 | WordPress BBP Core plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2025-68575 | WordPress Wappointment plugin <=2.7.2 - Broken Access Control vulnerability |
| CVE-2025-68577 | WordPress Virusdie plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-68578 | WordPress Addonify plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-68579 | WordPress FV Simpler SEO plugin <= 1.9.6 - Broken Access Control vulnerability |
| CVE-2025-68581 | WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-68582 | WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability |
| CVE-2025-68585 | WordPress WP Document Revisions plugin <= 3.7.2 - Broken Access Control vulnerability |
| CVE-2025-68586 | WordPress Cooked plugin <= 1.11.2 - Broken Access Control vulnerability |
| CVE-2025-68587 | WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-68588 | WordPress TS Poll plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-68589 | WordPress WP Telegram Widget and Join Link plugin <= 2.2.11 - Broken Access Control vulnerability |
| CVE-2025-68591 | WordPress Simple File List plugin <= 6.1.15 - Broken Access Control vulnerability |
| CVE-2025-68592 | WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability |
| CVE-2025-68593 | WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability |
| CVE-2025-68594 | WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.12.1 - Broken Access Control vulnerability |
| CVE-2025-68595 | WordPress Widgets for Social Photo Feed plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2025-68596 | WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability |
| CVE-2025-68603 | WordPress Editorial Calendar plugin <= 3.8.8 - Broken Access Control vulnerability |
| CVE-2025-68608 | WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability |
| CVE-2025-60129 | WordPress Yext Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60130 | WordPress WEDOS Global Plugin <= 1.2.2 - Broken Access Control Vulnerability |
| CVE-2025-60143 | WordPress Netgsm Plugin <= 2.9.58 - Broken Access Control Vulnerability |
| CVE-2025-60148 | WordPress Subscribe to Download Plugin <= 2.0.9 - Broken Access Control Vulnerability |
| CVE-2025-60152 | WordPress Subscribe To Unlock Plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-60155 | WordPress WP Virtual Assistant Plugin <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-60159 | WordPress Nota Fiscal Eletrônica WooCommerce Plugin <= 3.4.0.6 - Broken Access Control Vulnerability |
| CVE-2025-60165 | WordPress Frames Theme <= 1.5.7 - Broken Access Control Vulnerability |
| CVE-2025-60166 | WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-68048 | WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability |
| CVE-2025-68050 | WordPress Leadpages plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-68057 | WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2025-68058 | WordPress Institutions Directory plugin <= 1.3..4 - Broken Access Control vulnerability |
| CVE-2025-68059 | WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2025-68069 | WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability |
| CVE-2025-67571 | WordPress WPFunnels plugin <= 3.6.2 - Broken Access Control vulnerability |
| CVE-2025-67939 | WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability |
| CVE-2025-67942 | WordPress Peach Payments Gateway plugin <= 3.3.6 - Broken Access Control vulnerability |
| CVE-2025-67956 | WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability |
| CVE-2025-67958 | WordPress TaxCloud for WooCommerce plugin <= 8.3.8 - Broken Access Control vulnerability |
| CVE-2025-67965 | WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability |
| CVE-2025-67967 | WordPress Lawyer Directory plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2025-67969 | WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2025-67970 | WordPress Schedula plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-67973 | WordPress Sunshine Photo Cart plugin <= 3.5.6.2 - Broken Access Control vulnerability |
| CVE-2025-67974 | WordPress WPLegalPages plugin <= 3.5.4 - Broken Access Control vulnerability |
| CVE-2025-67975 | WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-67976 | WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-67977 | WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-67993 | WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability |
| CVE-2025-67994 | WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-68000 | WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2025-67572 | WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability |
| CVE-2025-67573 | WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability |
| CVE-2025-67574 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability |
| CVE-2025-67575 | WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2025-67576 | WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability |
| CVE-2025-67577 | WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability |
| CVE-2025-67578 | WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability |
| CVE-2025-67579 | WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability |
| CVE-2025-67580 | WordPress Constant Contact + WooCommerce plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2025-67581 | WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-67582 | WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-67583 | WordPress IDonate plugin <= 2.1.15 - Broken Access Control vulnerability |
| CVE-2025-67584 | WordPress GoDAM plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2025-67586 | WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability |
| CVE-2025-67588 | WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability |
| CVE-2025-67589 | WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 4.9.1 - Broken Access Control vulnerability |
| CVE-2025-67592 | WordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerability |
| CVE-2025-67597 | WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability |
| CVE-2025-67599 | WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-67624 | WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-67737 | AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE |
| CVE-2025-68911 | WordPress Solace theme <= 2.1.16 - Broken Access Control vulnerability |
| CVE-2025-68920 | C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files... |
| CVE-2025-68947 | NSecsoft NSecKrnl process termination privilege escalation |
| CVE-2025-68976 | WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability |
| CVE-2025-68980 | WordPress WeDesignTech Portfolio plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-68981 | WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-68982 | WordPress DesignThemes LMS Addon plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2025-68993 | WordPress Share, Print and PDF Products for WooCommerce plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2025-68003 | WordPress Shown Connector plugin <= 1.2.10 - Settings Change vulnerability |
| CVE-2025-68005 | WordPress Easy Hotel Booking plugin <= 1.8.7 - Broken Access Control vulnerability |
| CVE-2025-68007 | WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability |
| CVE-2025-68009 | WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2025-68013 | WordPress Payment Gateway Authorize.Net CIM for WooCommerce plugin <= 2.1.2 - Arbitrary Content Deletion vulnerability |
| CVE-2025-68016 | WordPress onepay Payment Gateway For WooCommerce plugin <= 1.1.2 - Other Vulnerability Type vulnerability |
| CVE-2025-68018 | WordPress Order Listener for WooCommerce plugin <= 3.6.1 - Broken Access Control vulnerability |
| CVE-2025-68019 | WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability |
| CVE-2025-68020 | WordPress WANotifier plugin <= 2.7.12 - Broken Access Control vulnerability |
| CVE-2025-68021 | WordPress ConveyThis plugin <= 269.5 - Broken Access Control vulnerability |
| CVE-2025-68022 | WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability |
| CVE-2025-68023 | WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability |
| CVE-2025-68024 | WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability |
| CVE-2025-68025 | WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability |
| CVE-2025-68026 | WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability |
| CVE-2025-68028 | WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability |
| CVE-2025-68072 | WordPress Easy Property Listings plugin <= 3.5.17 - Broken Access Control vulnerability |
| CVE-2025-68073 | WordPress GDPR CCPA Compliance Support plugin <= 2.7.4 - Broken Access Control vulnerability |
| CVE-2025-68084 | WordPress Ultimate Auction plugin <= 4.3.2 - Broken Access Control vulnerability |
| CVE-2025-68085 | WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability |
| CVE-2025-68086 | WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-68087 | WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-68088 | WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-6813 | aapanel WP Toolkit 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() Fun... |
| CVE-2025-6814 | Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function |
| CVE-2025-69015 | WordPress Crowdsignal Forms plugin <= 1.7.2 - Broken Access Control vulnerability |
| CVE-2025-69016 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.12 - Broken Access Control vulnerability |
| CVE-2025-69022 | WordPress HR Management Lite plugin <= 3.5 - Broken Access Control vulnerability |
| CVE-2025-69023 | WordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerability |
| CVE-2025-69024 | WordPress BizPrint plugin <= 4.6.7 - Broken Access Control vulnerability |
| CVE-2025-69027 | WordPress Product Delivery Date for WooCommerce – Lite plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2025-6864 | SeaCMS admin_type.php cross-site request forgery |
| CVE-2025-6865 | DaiCuo index cross-site request forgery |
| CVE-2025-68834 | WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerab... |
| CVE-2025-68837 | WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability |
| CVE-2025-68850 | WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability |
| CVE-2025-68861 | WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Access Control vulnerability |
| CVE-2025-68882 | WordPress Scalenut plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-68896 | WordPress WDV One Page Docs plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-69220 | LibreChat has Insufficient Access Control for Agent Files |
| CVE-2025-69221 | LibreChat has Insufficient Access Control for Agent Permission Queries |
| CVE-2025-69297 | WordPress Aardvark Plugin plugin <= 2.19 - Broken Access Control vulnerability |
| CVE-2025-69298 | WordPress Gauge theme <= 6.56.4 - Broken Access Control vulnerability |
| CVE-2025-69300 | WordPress Premium Addons for Elementor plugin <= 4.11.63 - Settings Change vulnerability |
| CVE-2025-69303 | WordPress ModelTheme Framework plugin <= 1.9.2 - Broken Access Control vulnerability |
| CVE-2025-69311 | WordPress Broadstreet Ads plugin <= 1.52.1 - Broken Access Control vulnerability |
| CVE-2025-68994 | WordPress Product Loops for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2025-69028 | WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability |
| CVE-2025-69031 | WordPress Arcane theme <= 3.6.6 - Broken Access Control vulnerability |
| CVE-2025-69052 | WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2025-69063 | WordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2025-69091 | WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-69093 | WordPress ShopMagic plugin <= 4.7.2 - Broken Access Control vulnerability |
| CVE-2025-69095 | WordPress Reservation Plugin plugin <= 1.7 - Settings Change vulnerability |
| CVE-2025-69181 | WordPress Lawyer Directory plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2025-69184 | WordPress Institutions Directory plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2025-69185 | WordPress Hotel Listing plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2025-69186 | WordPress Hospital Doctor Directory plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2025-69187 | WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2025-69188 | WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2025-69190 | WordPress Listihub theme <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-69191 | WordPress ListingHub plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-69192 | WordPress Real Estate Pro plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2025-69193 | WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability |
| CVE-2025-68995 | WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-69009 | WordPress Medicalequipment theme <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-69010 | WordPress Themebeez Toolkit plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2025-69012 | WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability |
| CVE-2025-69013 | WordPress Stratum plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2025-7756 | code-projects E-Commerce Site cross-site request forgery |
| CVE-2025-69313 | WordPress PostX plugin <= 5.0.3 - Broken Access Control vulnerability |
| CVE-2025-69315 | WordPress Simply Schedule Appointments plugin <= 1.6.9.15 - Broken Access Control vulnerability |
| CVE-2025-69327 | WordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-69331 | WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability |
| CVE-2025-69333 | WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability |
| CVE-2025-7040 | Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Actio... |
| CVE-2025-7047 | Missing Authorization in Utarit Informatics' SoliClub |
| CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery |
| CVE-2025-7821 | WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation |
| CVE-2025-7822 | WP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Susbcriber+) Cache Enable/Disable |
| CVE-2025-7827 | Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-7828 | WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion |
| CVE-2025-7834 | PHPGurukul Complaint Management System cross-site request forgery |
| CVE-2025-7956 | Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search... |
| CVE-2025-68032 | WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability |
| CVE-2025-68036 | WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability |
| CVE-2025-68039 | WordPress WP BackItUp plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-68042 | WordPress Travelpayouts plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-68043 | WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability |
| CVE-2025-69336 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability |
| CVE-2025-69340 | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2025-69341 | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2025-69344 | WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability |
| CVE-2025-69345 | WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability |
| CVE-2025-69346 | WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability |
| CVE-2025-69348 | WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability |
| CVE-2025-69349 | WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2025-69352 | WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability |
| CVE-2025-69353 | WordPress Proxy & VPN Blocker plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-69354 | WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability |
| CVE-2025-7772 | Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscrib... |
| CVE-2025-7782 | WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status' |
| CVE-2025-8434 | code-projects Online Movie Streaming admin.php authorization |
| CVE-2025-8435 | code-projects Online Movie Streaming admin-control.php authorization |
| CVE-2025-8446 | Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install |
| CVE-2025-8059 | B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function |
| CVE-2025-8152 | WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status... |
| CVE-2025-8223 | jerryshensjf JPACookieShop 蛋糕商城JPA版 AdminTypeCustController.java cross-site request forgery |
| CVE-2025-8268 | Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion |
| CVE-2025-8285 | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin |
| CVE-2025-8310 | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a rem... |
| CVE-2025-8322 | Ventem|e-School - Missing Authorization |
| CVE-2025-8335 | code-projects Simple Car Rental System cross-site request forgery |
| CVE-2025-8342 | WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass |
| CVE-2025-8357 | Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion |
| CVE-2025-8418 | B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Ins... |
| CVE-2025-8423 | My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion |
| CVE-2025-8425 | My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-8482 | Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration |
| CVE-2025-8565 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to... |
| CVE-2025-8593 | GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installat... |
| CVE-2025-8595 | Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import |
| CVE-2025-8886 | Authorization Bypass in Usta Information Systems' Aybs Interaktif |
| CVE-2025-8887 | IDOR in Usta Information Systems' Aybs Interaktif |
| CVE-2025-8898 | Taxi Booking Manager for Woocommerce | E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Acc... |
| CVE-2025-8992 | mtons mblog cross-site request forgery |
| CVE-2025-8996 | Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097 |
| CVE-2025-8999 | Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update |
| CVE-2025-9018 | Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deleti... |
| CVE-2025-9029 | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authenti... |
| CVE-2025-9054 | MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Op... |
| CVE-2025-9076 | Mattermost Server exposes sensitive user credentials during shared channel membership synchronization |
| CVE-2025-9194 | Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean |
| CVE-2025-9202 | ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation |
| CVE-2025-69355 | WordPress Tickera plugin <= 3.5.6.4 - Broken Access Control vulnerability |
| CVE-2025-69359 | WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability |
| CVE-2025-69361 | WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability |
| CVE-2025-69363 | WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-69364 | WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability |
| CVE-2025-69381 | WordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerability |
| CVE-2025-69385 | WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-69388 | WordPress Cliengo – Chatbot plugin <= 3.0.4 - Broken Access Control vulnerability |
| CVE-2025-69393 | WordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-6993 | Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_lo... |
| CVE-2025-8682 | Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation |
| CVE-2025-8712 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-8739 | zhenfeng13 My-Blog save cross-site request forgery |
| CVE-2025-9331 | Spacious <= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import |
| CVE-2025-9542 | AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions |
| CVE-2025-9544 | Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation |
| CVE-2025-7133 | CodeAstro Online Movie Ticket Booking System cross-site request forgery |
| CVE-2025-7499 | BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure |
| CVE-2025-7663 | Ovatheme Events Manager <= 1.8.6 - Missing Authorization |
| CVE-2025-7664 | Al Pack <= 1.0.2 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function |
| CVE-2025-7665 | Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_passw... |
| CVE-2025-7695 | Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_passw... |
| CVE-2025-7717 | File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089 |
| CVE-2025-8778 | NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compress... |
| CVE-2025-8796 | LitmusChaos Litmus Delete Request delete_project authorization |
| CVE-2025-8807 | xujeff tianti 天梯 save authorization |
| CVE-2025-8814 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery |
| CVE-2025-9133 | A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmwar... |
| CVE-2026-0572 | WebPurify Profanity Filter <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_opti... |
| CVE-2026-0593 | WP Go Maps (formerly WP Google Maps) <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Mod... |
| CVE-2025-9218 | rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure... |
| CVE-2025-9219 | Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update |
| CVE-2025-9243 | Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status F... |
| CVE-2025-9484 | Missing Authorization in GitLab |
| CVE-2025-9637 | Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Informatio... |
| CVE-2025-9747 | Koillection csrf_protection_controller.js cross-site request forgery |
| CVE-2025-9825 | Missing Authorization in GitLab |
| CVE-2025-9954 | Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105 |
| CVE-2025-9979 | Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export |
| CVE-2025-9984 | Featured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure |
| CVE-2026-0486 | Missing Authorization Check in ABAP based SAP systems |
| CVE-2026-0488 | Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor) |
| CVE-2026-0490 | Denial of service (DOS) in SAP BusinessObjects BI Platform |
| CVE-2026-0497 | Missing Authorization check in Business Server Pages Application (Product Designer Web UI) |
| CVE-2026-0503 | Missing Authorization check in in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management) |
| CVE-2026-0506 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2026-0509 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2026-0511 | Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation) |
| CVE-2026-0548 | Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Atta... |
| CVE-2026-0554 | NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset |
| CVE-2026-1142 | PHPGurukul News Portal cross-site request forgery |
| CVE-2026-1148 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgery |
| CVE-2026-1153 | technical-laohu mpay cross-site request forgery |
| CVE-2026-1169 | birkir prime cross-site request forgery |
| CVE-2026-1217 | Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite |
| CVE-2026-1253 | Group Chat & Video Chat by AtomChat <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update |
| CVE-2026-1254 | Modula Image Gallery – Photo Grid & Video Gallery <= 2.13.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary... |
| CVE-2026-1280 | Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Paramete... |
| CVE-2026-1298 | Easy Replace Image <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement |
| CVE-2026-1303 | MailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection |
| CVE-2026-1310 | Simple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion |
| CVE-2026-1321 | Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level' |
| CVE-2026-1336 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification |
| CVE-2026-1355 | Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports |
| CVE-2026-1431 | Booking Calendar <= 10.14.13 - Missing Authorization to Unauthenticated Booking Details Exposure |
| CVE-2026-1640 | Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation |
| CVE-2026-1650 | MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion |
| CVE-2026-1655 | EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Para... |
| CVE-2026-1656 | Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification |
| CVE-2026-1657 | EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint |
| CVE-2026-1663 | Missing Authorization in GitLab |
| CVE-2026-1671 | Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File |
| CVE-2026-1674 | Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder <= 1.6.0 - Authenticated (Cont... |
| CVE-2026-1720 | WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation <= 1.4.24 - Missing Authorization to A... |
| CVE-2026-1722 | WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation |
| CVE-2026-1734 | Zhong Bang CRMEB crontab Endpoint CrontabController.php authorization |
| CVE-2026-1745 | SourceCodester Medical Certificate Generator App cross-site request forgery |
| CVE-2026-1748 | Invoct – PDF Invoices & Billing for WooCommerce <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information Exp... |
| CVE-2026-1751 | Missing Authorization in GitLab |
| CVE-2026-1781 | MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion |
| CVE-2026-1786 | Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update |
| CVE-2026-1787 | LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion |
| CVE-2026-1797 | Truebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views Files |
| CVE-2026-2001 | WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
| CVE-2026-20155 | Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability |
| CVE-2026-2022 | Smart Forms <= 2.6.99 - Missing Authorization to Authenticated (Subscriber+) Campaign Data Exposure |
| CVE-2026-2031 | Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution. |
| CVE-2026-2038 | GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability |
| CVE-2026-2039 | GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability |
| CVE-2026-20888 | Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass) |
| CVE-2026-2127 | SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2026-21429 | Emlog has Broken Access Control (BAC) |
| CVE-2026-21743 | A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions... |
| CVE-2026-21865 | Discourse topic conversion permission vulnerability for moderators |
| CVE-2026-2208 | WeKan Rules rules.js RulesBleed authorization |
| CVE-2026-22172 | OpenClaw < 2026.3.12 - Scope Elevation in WebSocket Shared-Auth Connections |
| CVE-2026-22182 | wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType |
| CVE-2026-2233 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Author... |
| CVE-2026-22348 | WordPress Civic Cookie Control plugin <= 1.53 - Broken Access Control vulnerability |
| CVE-2026-22350 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Broken Access Control vulnerability |
| CVE-2025-9549 | Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099 |
| CVE-2026-0814 | Advanced CF7 DB <= 2.0.9 - Missing Authorization to Authenticated (Subscriber+) Form Submissions Excel Export |
| CVE-2026-0817 | CampaignEvents API missing authorization exposes meeting and chat URLs |
| CVE-2026-0820 | RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders |
| CVE-2026-0825 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.5 - Missing Authorization to Unauthenticated Form Data Exfiltrat... |
| CVE-2026-0829 | Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending |
| CVE-2026-0832 | New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclos... |
| CVE-2026-0845 | WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update |
| CVE-2026-0927 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary F... |
| CVE-2026-0929 | RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation |
| CVE-2026-0974 | Orderable <= 1.20.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation |
| CVE-2026-0998 | Mattermost Zoom Plugin allows unauthorized meeting creation and post modification via insufficient API access controls |
| CVE-2026-1000 | MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion |
| CVE-2026-1003 | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Au... |
| CVE-2026-1004 | Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2026-1036 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment... |
| CVE-2026-1054 | RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification |
| CVE-2026-1103 | AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions |
| CVE-2026-1104 | FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Cr... |
| CVE-2026-1499 | WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action |
| CVE-2026-1537 | LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure |
| CVE-2026-1830 | Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload |
| CVE-2026-1831 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation |
| CVE-2026-1833 | WaMate Confirm <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Phone Number Blocking/Unblocking |
| CVE-2026-1835 | lcg0124 BootDo cross-site request forgery |
| CVE-2026-1860 | Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure |
| CVE-2026-1870 | Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure |
| CVE-2026-1890 | LeadConnector < 3.0.22 - Unauthenticated Rest Call |
| CVE-2026-1897 | WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization |
| CVE-2026-1900 | Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update |
| CVE-2026-0635 | Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordio... |
| CVE-2026-0656 | iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Informat... |
| CVE-2026-0674 | WordPress Campaign Monitor for WordPress plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2026-0676 | WordPress Zorka theme <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2026-0679 | Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api'... |
| CVE-2026-0687 | Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management |
| CVE-2026-0692 | BlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulat... |
| CVE-2026-0727 | Accordion and Accordion Slider <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modificat... |
| CVE-2026-22461 | WordPress CTX Feed plugin <= 6.6.18 - Broken Access Control vulnerability |
| CVE-2026-22466 | WordPress WP MapIt plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2026-22468 | WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Broken Access Control vulnerability |
| CVE-2026-22472 | WordPress Easy Form Builder plugin <= 3.9.6 - Broken Access Control vulnerability |
| CVE-2026-22479 | WordPress Easy Post Submission plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2026-22481 | WordPress BD Courier Order Ratio Checker plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2026-22485 | WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability |
| CVE-2026-22486 | WordPress Re Gallery plugin <= 1.18.9 - Broken Access Control vulnerability |
| CVE-2025-8487 | Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation |
| CVE-2025-8488 | Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated... |
| CVE-2025-8492 | Salon Booking System <= 10.22 - Missing Authorization to Unauthenticated AJAX Actions Execution |
| CVE-2025-8505 | 495300897 wx-shop cross-site request forgery |
| CVE-2026-2301 | Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMet... |
| CVE-2026-22351 | WordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2026-22445 | WordPress Apimo Connector plugin <= 2.6.5.2 - Broken Access Control vulnerability |
| CVE-2026-22447 | WordPress Prowess theme <= 1.8.1 - Broken Access Control vulnerability |
| CVE-2026-22450 | WordPress Don Peppe theme <= 1.3 - Broken Access Control vulnerability |
| CVE-2026-22458 | WordPress Wanderland theme <= 1.5 - Broken Access Control vulnerability |
| CVE-2026-22459 | WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2026-23632 | Gogs user can update repository content with read-only permission |
| CVE-2026-23681 | Missing Authorization check in a function module in SAP Support Tools Plug-In |
| CVE-2026-23683 | Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation) |
| CVE-2026-23688 | Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services) |
| CVE-2026-2371 | Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' |
| CVE-2026-23721 | OpenProject users with "View Members" permission in any project can view all Group memberships |
| CVE-2026-2373 | Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Cu... |
| CVE-2026-23799 | WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability |
| CVE-2026-23804 | WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability |
| CVE-2026-23806 | WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability |
| CVE-2026-2306 | Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation |
| CVE-2026-2312 | Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion an... |
| CVE-2026-23477 | Rocket.Chat Unauthorized Access to OAuth App Details |
| CVE-2026-23517 | Fleet has an Access Control vulnerability in debug/pprof endpoints |
| CVE-2026-22487 | WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2026-22488 | WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2026-22490 | WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability |
| CVE-2026-22492 | WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability |
| CVE-2026-22517 | WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability |
| CVE-2026-22522 | WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2026-22592 | Gogs is Vulnerable to Denial of Service |
| CVE-2026-2263 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.10.2 - Missing Authorization to Unauthenticated Conversion T... |
| CVE-2026-22663 | prompts.chat Authorization Bypass Information Disclosure |
| CVE-2026-22680 | OpenViking < 0.3.3 Missing Authorization via Task Polling |
| CVE-2026-22683 | Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE |
| CVE-2026-22765 | Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missing Authorization vulnerability. A low privileged attack... |
| CVE-2026-2284 | News Element Elementor Blog Magazine <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss |
| CVE-2026-24322 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) |
| CVE-2026-24326 | Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations) |
| CVE-2026-24327 | Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application) |
| CVE-2026-23875 | CrawlChat's Discord Bot has a Knowledge Permission vulnerability |
| CVE-2026-23972 | WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability |
| CVE-2026-23974 | WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability |
| CVE-2026-23977 | WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2026-23990 | Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims |
| CVE-2026-24004 | Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint |
| CVE-2026-24042 | Appsmith public apps can execute unpublished actions (viewMode confusion) |
| CVE-2026-24095 | Missing Permission Check on Analyze Configuration Page |
| CVE-2026-24134 | StudioCMS has an Authorization Bypass Through User-Controlled Key |
| CVE-2026-24139 | MyTube Allows Unauthorized Database Export by Guest Users |
| CVE-2026-24309 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2026-24310 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2026-24312 | Missing authorization check in SAP Business Workflow |
| CVE-2026-24313 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) |
| CVE-2026-24522 | WordPress WP Subscribe plugin <= 1.2.16 - Broken Access Control vulnerability |
| CVE-2026-24524 | WordPress Tablesome plugin <= 1.2.8 - Broken Access Control vulnerability |
| CVE-2026-24525 | WordPress CLP Varnish Cache plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2026-24529 | WordPress Quick Restaurant Reservations plugin <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2026-24530 | WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2026-24532 | WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability |
| CVE-2026-24534 | WordPress Booter plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2026-24535 | WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2026-24539 | WordPress Protección de datos – RGPD plugin <= 0.68 - Broken Access Control vulnerability |
| CVE-2026-24540 | WordPress Integrate Google Drive plugin <= 1.5.6 - Broken Access Control vulnerability |
| CVE-2026-24541 | WordPress Download After Email plugin <= 2.1.9 - Broken Access Control vulnerability |
| CVE-2026-24543 | WordPress Materialis Companion plugin <= 1.3.52 - Broken Access Control vulnerability |
| CVE-2026-24544 | WordPress HD Quiz plugin <= 2.0.9 - Broken Access Control vulnerability |
| CVE-2026-24551 | WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2026-24556 | WordPress ElementCamp plugin <= 2.3.2 - Broken Access Control vulnerability |
| CVE-2026-24560 | WordPress Cloudinary plugin <= 3.3.2 - Broken Access Control vulnerability |
| CVE-2026-24561 | WordPress FluentBoards plugin <= 1.91.1 - Broken Access Control vulnerability |
| CVE-2026-24562 | WordPress Ryviu – Product Reviews for WooCommerce plugin <= 3.1.26 - Broken Access Control vulnerability |
| CVE-2026-24563 | WordPress LifePress plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2026-24566 | WordPress iNET Webkit plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2026-24567 | WordPress Anything Order by Terms plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2026-24568 | WordPress WP Travel plugin <= 11.1.0 - Broken Access Control vulnerability |
| CVE-2026-24569 | WordPress Media Library File Size plugin <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2026-24570 | WordPress Edwiser Bridge plugin <= 4.3.2 - Broken Access Control vulnerability |
| CVE-2026-24571 | WordPress BOX NOW Delivery plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2026-24577 | WordPress Pie Register plugin <= 3.8.4.8 - Broken Access Control vulnerability |
| CVE-2026-24578 | WordPress Admin login URL Change plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2026-24579 | WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2026-2458 | Unauthorized channel enumeration in private teams after member removal |
| CVE-2026-24580 | WordPress Ecwid Shopping Cart plugin <= 7.0.5 - Broken Access Control vulnerability |
| CVE-2026-24581 | WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability |
| CVE-2026-24583 | WordPress SumUp Payment Gateway For WooCommerce plugin <= 2.7.9 - Broken Access Control vulnerability |
| CVE-2026-24353 | WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability |
| CVE-2026-24356 | WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability |
| CVE-2026-24357 | WordPress WP Recipe Maker plugin <= 10.2.4 - Broken Access Control vulnerability |
| CVE-2026-24358 | WordPress Quiz And Survey Master plugin <= 10.3.3 - Broken Access Control vulnerability |
| CVE-2026-24362 | WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability |
| CVE-2026-24363 | WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerability |
| CVE-2026-24364 | WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability |
| CVE-2026-24366 | WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability |
| CVE-2026-24368 | WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability |
| CVE-2026-24369 | WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability |
| CVE-2026-24371 | WordPress BA Book Everything plugin <= 1.8.16 - Broken Access Control vulnerability |
| CVE-2026-24375 | WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2026-24376 | WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability |
| CVE-2026-24380 | WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability |
| CVE-2026-24382 | WordPress News Magazine X theme <= 1.2.50 - Broken Access Control vulnerability |
| CVE-2026-24585 | WordPress Hyyan WooCommerce Polylang Integration plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2026-24587 | WordPress AJAX Hits Counter + Popular Posts Widget plugin <= 0.10.210305 - Broken Access Control vulnerability |
| CVE-2026-24588 | WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability |
| CVE-2026-24595 | WordPress Zoho CRM Lead Magnet plugin <= 1.8.1.9 - Broken Access Control vulnerability |
| CVE-2026-24598 | WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2026-24603 | WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerability |
| CVE-2026-24604 | WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2026-24605 | WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability |
| CVE-2026-24606 | WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability |
| CVE-2026-24607 | WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2026-24612 | WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability |
| CVE-2026-24613 | WordPress Ecwid Shopping Cart plugin <= 7.0.6 - Broken Access Control vulnerability |
| CVE-2026-24615 | WordPress Cream Magazine theme <= 2.1.10 - Broken Access Control vulnerability |
| CVE-2026-24616 | WordPress WP Popups plugin <= 2.2.0.5 - Broken Access Control vulnerability |
| CVE-2026-24619 | WordPress PopCash.Net Code Integration Tool plugin <= 1.8 - Broken Access Control vulnerability |
| CVE-2026-24386 | WordPress Element Invader – Template Kits for Elementor plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2026-24387 | WordPress WP Quick Post Duplicator plugin <= 2.1 - Broken Access Control vulnerability |
| CVE-2026-24388 | WordPress WPMasterToolKit plugin <= 2.14.0 - Broken Access Control vulnerability |
| CVE-2026-24421 | phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user |
| CVE-2026-2446 | Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update |
| CVE-2026-24633 | WordPress Add Expires Headers & Optimized Minify plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2026-24636 | WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability |
| CVE-2026-24777 | OpenProject has Improper Access Control on User Management allows user managers to lock admin accounts |
| CVE-2026-2488 | ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion |
| CVE-2026-24939 | WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerability |
| CVE-2026-24940 | WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2026-24941 | WordPress WP Job Portal plugin <= 2.4.4 - Broken Access Control vulnerability |
| CVE-2026-24944 | WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability |
| CVE-2026-24945 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.34 - Broken Access Control vulnerability |
| CVE-2026-24946 | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability |
| CVE-2026-1906 | PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifie... |
| CVE-2026-1916 | WPGSI: Spreadsheet Integration <= 3.8.3 - Missing Authorization to Unauthenticated Arbitrary Post Creation and Deletion via F... |
| CVE-2026-1925 | EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Po... |
| CVE-2026-1926 | Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation |
| CVE-2026-1927 | GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Dis... |
| CVE-2026-1932 | Appointment Booking Calendar Plugin <= 1.0.2 - Missing Authorization to Unauthenticated Arbitrary Appointment Status Modifica... |
| CVE-2026-1935 | Company Posts for LinkedIn <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary LinkedIn Post Data Delet... |
| CVE-2026-1937 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state'... |
| CVE-2026-1938 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/licen... |
| CVE-2026-1942 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Pos... |
| CVE-2026-1944 | CallbackKiller service widget <= 1.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Update |
| CVE-2026-1948 | NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deact... |
| CVE-2026-1981 | Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion |
| CVE-2026-23522 | Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion |
| CVE-2026-24947 | WordPress LA-Studio Element Kit for Elementor plugin < 1.5.6.3 - Broken Access Control vulnerability |
| CVE-2026-24951 | WordPress myCred plugin <= 2.9.7.3 - Broken Access Control vulnerability |
| CVE-2026-24957 | WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability |
| CVE-2026-24965 | WordPress Contest Gallery plugin <= 28.1.1 - Broken Access Control vulnerability |
| CVE-2026-24967 | WordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerability |
| CVE-2026-24972 | WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2026-24982 | WordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerability |
| CVE-2026-24984 | WordPress Visual Link Preview plugin <= 2.2.9 - Broken Access Control vulnerability |
| CVE-2026-24985 | WordPress WP Forms Signature Contract Add-On plugin <= 1.8.2 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2026-24987 | WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2026-24990 | WordPress WP Docs plugin <= 2.2.8 - Broken Access Control vulnerability |
| CVE-2026-24994 | WordPress Sunshine Photo Cart plugin <= 3.5.7.2 - Broken Access Control vulnerability |
| CVE-2026-24995 | WordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerability |
| CVE-2026-24996 | WordPress WPElemento Importer plugin <= 0.6.4 - Broken Access Control vulnerability |
| CVE-2026-24997 | WordPress Wired Impact Volunteer Management plugin <= 2.8 - Broken Access Control vulnerability |
| CVE-2026-24622 | WordPress Suggestion Toolkit plugin <= 5.0 - Broken Access Control vulnerability |
| CVE-2026-24625 | WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability |
| CVE-2026-24627 | WordPress Trusona for WordPress plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2026-2463 | Unauthorized access to invite ID during team creation |
| CVE-2026-2515 | Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update |
| CVE-2026-25164 | OpenEMR's Document and Insurance REST Endpoints Skip ACL |
| CVE-2026-2518 | FastX <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation |
| CVE-2026-25242 | Gogs allows unauthenticated file uploads |
| CVE-2026-25308 | WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability |
| CVE-2026-25309 | WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability |
| CVE-2026-25311 | WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2026-25312 | WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability |
| CVE-2026-25313 | WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability |
| CVE-2026-25314 | WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability |
| CVE-2026-25315 | WordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerability |
| CVE-2026-25317 | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability |
| CVE-2026-25318 | WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability |
| CVE-2026-25320 | WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2026-25321 | WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability |
| CVE-2026-25323 | WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability |
| CVE-2026-25327 | WordPress Five Star Restaurant Reservations plugin <= 2.7.9 - Broken Access Control vulnerability |
| CVE-2026-25329 | WordPress Quiz And Survey Master plugin <= 10.3.4 - Broken Access Control vulnerability |
| CVE-2026-25330 | WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability |
| CVE-2026-25332 | WordPress Endless Posts Navigation plugin <= 2.2.9 - Broken Access Control vulnerability |
| CVE-2026-25333 | WordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2026-25335 | WordPress Secure Copy Content Protection and Content Locking plugin <= 5.0.0 - Broken Access Control vulnerability |
| CVE-2026-25336 | WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2026-25338 | WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability |
| CVE-2026-25348 | WordPress Download Alt Text AI plugin <= 1.10.15 - Broken Access Control vulnerability |
| CVE-2026-25363 | WordPress FooGallery plugin <= 3.1.11 - Broken Access Control vulnerability |
| CVE-2026-25364 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.8 - Broken Access Control vulnerability |
| CVE-2026-25365 | WordPress Kargo Takip plugin < 0.2.4 - Broken Access Control vulnerability |
| CVE-2026-25367 | WordPress CitiLights theme < 3.7.2 - Broken Access Control vulnerability |
| CVE-2026-25368 | WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability |
| CVE-2026-25517 | Wagtail has improper permission handling on admin preview endpoints |
| CVE-2026-25531 | Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects |
| CVE-2026-25538 | Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage |
| CVE-2026-2559 | Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite |
| CVE-2026-25609 | profile command may permit unauthorized configuration |
| CVE-2026-25633 | Statamic's missing authorization allows access to assets |
| CVE-2026-25742 | Zulip: Anonymous File Access After Disabling Spectator Access |
| CVE-2026-25752 | FUXA Unauthenticated Remote Arbitrary Device Tag Write |
| CVE-2026-25768 | LavinMQ is missing vhost access control |
| CVE-2026-25806 | PlaciPy has Missing Authorization Checks on Student Management Endpoints (IDOR) |
| CVE-2026-25808 | Hollo DMs get leaked and can be seen on Webfinger Browser |
| CVE-2026-25810 | PlaciPy is Missing Object-Level Authorization in student.submission.routes.ts |
| CVE-2026-25876 | PlaciPy is Missing Authorization on Assessment Results Endpoint |
| CVE-2026-25903 | Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates |
| CVE-2026-25939 | FUXA Unauthenticated Remote Arbitrary Scheduler Write |
| CVE-2026-26939 | Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration |
| CVE-2026-26977 | Frappe Learning Management System exposes details of unpublished courses to unauthorized users |
| CVE-2026-26979 | Discourse: TL4 users are able to change status of restricted topics |
| CVE-2026-27021 | Discourse: Poll voters endpoint lacked post visibility checks |
| CVE-2026-27042 | WordPress NotificationX plugin <= 3.2.1 - Broken Access Control vulnerability |
| CVE-2026-27046 | WordPress StoreCustomizer plugin <= 2.6.3 - Broken Access Control vulnerability |
| CVE-2026-27055 | WordPress Penci AI SmartContent Creator plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2026-27056 | WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability |
| CVE-2026-2732 | Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background... |
| CVE-2026-27327 | WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability |
| CVE-2026-27328 | WordPress EduBlink theme <= 2.0.7 - Broken Access Control vulnerability |
| CVE-2026-27344 | WordPress inseri core plugin <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2026-27361 | WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerability |
| CVE-2026-27362 | WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2026-27368 | WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Broken Access Control vulner... |
| CVE-2026-27374 | WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2026-27386 | WordPress DesignThemes Directory Addon plugin <= 1.8 - Broken Access Control vulnerability |
| CVE-2026-27387 | WordPress DirectoryPress plugin <= 3.6.26 - Broken Access Control vulnerability |
| CVE-2026-27388 | WordPress DesignThemes Booking Manager plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2026-27393 | WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability |
| CVE-2026-27396 | WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability |
| CVE-2026-27405 | WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2026-27416 | WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2026-27424 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability |
| CVE-2026-27454 | Discourse has check revision visibility on posts endpoint |
| CVE-2026-27457 | Weblate: Missing access control for the AddonViewSet API exposes all addon configurations |
| CVE-2026-27468 | Mastodon may allow unconfirmed FASP to make subscriptions |
| CVE-2026-27471 | ERP: Document access through endpoints due to missing validation |
| CVE-2026-27484 | OpenClaw Discord moderation authorization used untrusted sender identity in tool-driven flows |
| CVE-2026-27491 | Discourse has a bypass of official warnings messages by non-staff users |
| CVE-2026-27769 | Connected Workspaces: Malicious remote server can manipulate arbitrary user's status |
| CVE-2026-27792 | Seerr missing authentication on pushSubscription endpoints |
| CVE-2026-27796 | Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak) |
| CVE-2026-27833 | Piwigo: Unauthenticated Information Disclosure via pwg.history.search API |
| CVE-2026-27836 | phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint |
| CVE-2026-27946 | ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API |
| CVE-2026-27954 | LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints |
| CVE-2026-28038 | WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability |
| CVE-2026-28070 | WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability |
| CVE-2026-28071 | WordPress pixfort Core plugin <= 3.2.22 - Broken Access Control vulnerability |
| CVE-2026-28076 | WordPress Guff theme <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2026-28080 | WordPress Rank Math SEO PRO plugin <= 3.0.95 - Broken Access Control vulnerability |
| CVE-2026-28515 | openDCIM <= 23.04 Missing Authorization in install.php |
| CVE-2026-28554 | wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler |
| CVE-2026-28555 | wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler |
| CVE-2026-28556 | wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers |
| CVE-2026-28557 | wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler |
| CVE-2026-28790 | OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login |
| CVE-2026-2890 | Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse |
| CVE-2026-2899 | Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion |
| CVE-2026-2900 | Missing Authorization in GitLab |
| CVE-2026-29070 | Open WebUI has unauthorized deletion of knowledge files |
| CVE-2026-29072 | Discourse missing permission check for policy creation in discourse-policy |
| CVE-2026-29073 | SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access |
| CVE-2026-29180 | Fleet's team maintainer can transfer hosts from any team via missing source team authorization |
| CVE-2026-2941 | Linksy Search and Replace <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Update via links... |
| CVE-2026-29789 | Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification |
| CVE-2026-2992 | KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard |
| CVE-2026-30233 | OliveTin: View permission not being checked when returning dashboards |
| CVE-2026-3045 | Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settin... |
| CVE-2026-3056 | Seraphinite Accelerator <= 2.28.14 - Missing Authorization to Authenticated (Subscriber+) Log Clearing |
| CVE-2026-3072 | Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modifica... |
| CVE-2026-30784 | RustDesk hbbs/hbbr Servers Broker Connections Without Any Authorization Check |
| CVE-2026-30797 | RustDesk rustdesk://config/ URI Silently Re-homes Client to Attacker-Controlled Server |
| CVE-2026-30823 | Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration |
| CVE-2026-30842 | Wallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded Avatars |
| CVE-2026-30845 | Wekan Exposes Sensitive Data through Lack of Field Filtering During Board Publication |
| CVE-2026-30850 | Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization |
| CVE-2026-30885 | WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure |
| CVE-2026-30889 | Discourse has Unauthorized Post Data Exposure in discourse-user-notes |
| CVE-2026-30911 | Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization |
| CVE-2026-30920 | OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding |
| CVE-2026-30926 | SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content |
| CVE-2026-30950 | AutoGPT has Authenticated Session Hijacking via IDOR |
| CVE-2026-30956 | OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header |
| CVE-2026-30959 | OneUptime has WhatsApp Resend Verification Authorization Bypass |
| CVE-2026-30968 | Coral Server has insufficient validation of agent identity for SSE connections |
| CVE-2026-30970 | Session authentication bypass in Coral Server session creation endpoint |
| CVE-2026-3098 | Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll |
| CVE-2026-3117 | Instance and webhook GitLab plugin commands were able to be run by non-admin users |
| CVE-2026-3138 | Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE T... |
| CVE-2026-3143 | Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation |
| CVE-2026-3155 | OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'po... |
| CVE-2026-31800 | Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes |
| CVE-2026-31821 | Sylius is Missing Authorization in API v2 Add Item Endpoint |
| CVE-2026-31834 | Umbraco Affected by Vertical Privilege Escalation via Missing Authorization Checks |
| CVE-2026-31915 | WordPress Flatsome theme <= 3.19.6 - Broken Access Control vulnerability |
| CVE-2026-31916 | WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability |
| CVE-2026-31919 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.7.1 - Broken Access Control vulnerability |
| CVE-2026-31921 | WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2026-3193 | Chia Blockchain send_transaction cross-site request forgery |
| CVE-2026-3208 | Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosu... |
| CVE-2026-32122 | OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2) |
| CVE-2026-32126 | OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Pla... |
| CVE-2026-32131 | ZITADEL Cross-Tenant Information Disclosure in Management API |
| CVE-2026-32230 | Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a s... |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering |
| CVE-2026-32268 | Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability |
| CVE-2026-32270 | Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonym... |
| CVE-2026-32312 | GLPI: Unauthorized export of form structure |
| CVE-2026-32329 | WordPress Advanced Related Posts plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2026-32331 | WordPress Textmetrics plugin <= 3.6.4 - Broken Access Control vulnerability |
| CVE-2026-32332 | WordPress Easy Form plugin <= 2.7.9 - Broken Access Control vulnerability |
| CVE-2026-32334 | WordPress JobScout theme <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2026-32335 | WordPress The Conference theme <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2026-32336 | WordPress Rara Business theme <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2026-32337 | WordPress Preschool and Kindergarten theme <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2026-32338 | WordPress Construction Landing Page theme <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2026-32339 | WordPress Bakes And Cakes theme <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2026-32340 | WordPress Business One Page theme <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2026-32341 | WordPress Benevolent theme <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2026-32345 | WordPress Perfect Portfolio theme <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2026-32346 | WordPress Travel Agency theme <= 1.5.5 - Broken Access Control vulnerability |
| CVE-2026-32347 | WordPress Restaurant and Cafe theme <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2026-24999 | WordPress Alma plugin <= 5.16.1 - Broken Access Control vulnerability |
| CVE-2026-25000 | WordPress Wheel of Life plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2026-25003 | WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2026-25009 | WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability |
| CVE-2026-25010 | WordPress Share This Image plugin <= 2.09 - Broken Access Control vulnerability |
| CVE-2026-25011 | WordPress WP Custom Admin Interface plugin <= 7.41 - Broken Access Control vulnerability |
| CVE-2026-25012 | WordPress WP Bannerize Pro plugin <= 1.11.0 - Broken Access Control vulnerability |
| CVE-2026-25016 | WordPress Nelio Popups plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2026-25019 | WordPress Atarim plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2026-25020 | WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability |
| CVE-2026-25021 | WordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability |
| CVE-2026-25026 | WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability |
| CVE-2026-25028 | WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2026-25034 | WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability |
| CVE-2026-25036 | WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability |
| CVE-2026-2504 | Dealia – Request a quote <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Plugin Configuration Reset |
| CVE-2026-25045 | Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role) |
| CVE-2026-25058 | Vexa's unauthenticated internal transcript endpoint exposed by default |
| CVE-2026-25083 | GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in... |
| CVE-2026-25124 | OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export |
| CVE-2026-25131 | OpenEMR has Broken Access Control in Procedures Configuration |
| CVE-2026-2608 | Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization |
| CVE-2026-26083 | A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSa... |
| CVE-2026-26103 | Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api |
| CVE-2026-26104 | Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api |
| CVE-2026-26207 | DIscourse's discourse-policy plugin lacks post access check |
| CVE-2026-26268 | Cursor sandbox escape via Git hooks |
| CVE-2026-2633 | Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Up... |
| CVE-2026-26358 | Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker wit... |
| CVE-2026-26367 | JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount |
| CVE-2026-26368 | JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword |
| CVE-2026-2651 | Missing Authorization Validation in mlflow/mlflow |
| CVE-2026-2658 | newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery |
| CVE-2026-27066 | WordPress Live sales notification for WooCommerce plugin <= 2.3.60 - Broken Access Control vulnerability |
| CVE-2026-27071 | WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability |
| CVE-2026-27091 | WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerability |
| CVE-2026-27092 | WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2026-27111 | Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints |
| CVE-2026-27150 | Discourse doesn't ensure guardian check when creating QueryGroupBookmark |
| CVE-2026-27151 | Discourse doesn't validate destination topic when moving posts |
| CVE-2026-27181 | MajorDoMo Unauthenticated Module Uninstall via Market Endpoint |
| CVE-2026-2720 | Hr Press Lite <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure |
| CVE-2026-27608 | Parse Dashboard Missing Authorization on Agent Endpoint |
| CVE-2026-27638 | ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode |
| CVE-2026-27672 | Missing Authorization check in Material Master Application |
| CVE-2026-27673 | Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise) |
| CVE-2026-27676 | Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures) |
| CVE-2026-27677 | Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment) |
| CVE-2026-27678 | Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures) |
| CVE-2026-27679 | Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures) |
| CVE-2026-27686 | Missing Authorization check in SAP Business Warehouse (Service API) |
| CVE-2026-27687 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal |
| CVE-2026-27688 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2026-28104 | WordPress Site Suggest plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2026-2819 | Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization |
| CVE-2026-28217 | IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections |
| CVE-2026-28254 | Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge |
| CVE-2026-2826 | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) M... |
| CVE-2026-28276 | Initiative Allows Unauthenticated Access to Uploaded Documents via Public /uploads/ Endpoint |
| CVE-2026-28408 | WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php |
| CVE-2026-28424 | Statamic's missing authorization allows access to email addresses |
| CVE-2026-28433 | Misskey lacks resource ownership validation |
| CVE-2026-32452 | WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability |
| CVE-2026-32453 | WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability |
| CVE-2026-32457 | WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability |
| CVE-2026-32461 | WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability |
| CVE-2026-32483 | WordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerability |
| CVE-2026-32485 | WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability |
| CVE-2026-32486 | WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2026-32487 | WordPress Lawyer Landing Page theme <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2026-32489 | WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability |
| CVE-2026-32495 | WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability |
| CVE-2026-32498 | WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability |
| CVE-2026-32501 | WordPress WP Configurator Pro plugin <= 3.7.9 - Broken Access Control vulnerability |
| CVE-2026-32514 | WordPress Petitioner plugin <= 0.7.3 - Broken Access Control vulnerability |
| CVE-2026-32515 | WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability |
| CVE-2026-32527 | WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Con... |
| CVE-2026-32348 | WordPress MAS Videos plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2026-32350 | WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2026-32362 | WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2026-32363 | WordPress WPLifeCycle plugin <= 3.3.1 - Broken Access Control vulnerability |
| CVE-2026-32370 | WordPress Influencer theme <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2026-32371 | WordPress Elegant Pink theme <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2026-32373 | WordPress SMS Alert Order Notifications plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2026-32374 | WordPress The Minimal theme <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2026-32375 | WordPress Travel Diaries theme <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2026-32376 | WordPress Kalon theme <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2026-32377 | WordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2026-32378 | WordPress Book Landing Page theme <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2026-32379 | WordPress Rara Academic theme <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2026-32380 | WordPress Numinous theme <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2026-32381 | WordPress App Landing Page theme <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2026-32382 | WordPress Digital Download theme <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2026-32383 | WordPress Ridhi theme <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2026-32385 | WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability |
| CVE-2026-32386 | WordPress Envo Extra plugin <= 1.9.13 - Broken Access Control vulnerability |
| CVE-2026-32387 | WordPress Checkout for PayPal plugin <= 1.0.46 - Broken Access Control vulnerability |
| CVE-2026-32388 | WordPress GLB theme <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2026-32390 | WordPress Nanosoft theme < 1.3.2 - Broken Access Control vulnerability |
| CVE-2026-32391 | WordPress SmartFix theme < 1.2.4 - Broken Access Control vulnerability |
| CVE-2026-32394 | WordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerability |
| CVE-2026-32395 | WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.6 - Broken Access Control vulnerability |
| CVE-2026-32396 | WordPress Team plugin <= 5.0.13 - Broken Access Control vulnerability |
| CVE-2026-32397 | WordPress Filter & Grids plugin <= 3.5.1 - Broken Access Control vulnerability |
| CVE-2026-32402 | WordPress Image Slider by Ays plugin <= 2.7.1 - Broken Access Control vulnerability |
| CVE-2026-32404 | WordPress Studio99 WP Monitor plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2026-32406 | WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability |
| CVE-2026-32407 | WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2026-32408 | WordPress Brizy plugin <= 2.7.23 - Broken Access Control vulnerability |
| CVE-2026-32409 | WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability |
| CVE-2026-32410 | WordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerability |
| CVE-2026-32413 | WordPress Permalink Manager Lite plugin < 2.5.3 - Broken Access Control vulnerability |
| CVE-2026-32416 | WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2026-32417 | WordPress Pochipp plugin < 1.18.9 - Broken Access Control vulnerability |
| CVE-2026-32421 | WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2026-32423 | WordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulnerability |
| CVE-2026-32425 | WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2026-32427 | WordPress VW Education Lite plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2026-32428 | WordPress Popup Like box plugin <= 3.7.7 - Broken Access Control vulnerability |
| CVE-2026-32432 | WordPress WP Time Slots Booking Form plugin <= 1.2.42 - Broken Access Control vulnerability |
| CVE-2026-32434 | WordPress VW Fitness theme <= 4.3.4 - Broken Access Control vulnerability |
| CVE-2026-32435 | WordPress VW Pet Shop theme <= 1.4.7 - Broken Access Control vulnerability |
| CVE-2026-32436 | WordPress VW Photography theme <= 1.3.8 - Broken Access Control vulnerability |
| CVE-2026-32437 | WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2026-32438 | WordPress VW School Education theme <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2026-32439 | WordPress BigHearts theme <= 3.1.14 - Broken Access Control vulnerability |
| CVE-2026-32440 | WordPress WP Food plugin < 2.7.1 - Broken Access Control vulnerability |
| CVE-2026-32441 | WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability |
| CVE-2026-32442 | WordPress e2pdf plugin <= 1.28.15 - Broken Access Control vulnerability |
| CVE-2026-32445 | WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability |
| CVE-2026-32446 | WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability |
| CVE-2026-32447 | WordPress Atarim plugin <= 4.3.2 - Broken Access Control vulnerability |
| CVE-2026-32451 | WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability |
| CVE-2026-32622 | SQLBot: Remote Code Execution via Terminology Poisoning |
| CVE-2026-32648 | Anviz Products Missing Authorization |
| CVE-2026-32658 | Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker... |
| CVE-2026-3266 | Improper access control vulnerability has been discovered in OpenText™ Filr. |
| CVE-2026-32736 | Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion |
| CVE-2026-32818 | Admidio is Missing Authorization on Forum Topic and Post Deletion |
| CVE-2026-33093 | Anviz Products Missing Authorization |
| CVE-2026-33137 | XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName} |
| CVE-2026-33141 | Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data |
| CVE-2026-33159 | Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users |
| CVE-2026-33160 | Craft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URL |
| CVE-2026-33484 | Langflow has Unauthenticated IDOR on Image Downloads |
| CVE-2026-33495 | Ory Oathkeeper has an authentication bypass by usage of untrusted header |
| CVE-2026-33501 | AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin |
| CVE-2026-3351 | Authorization Bypass in LXD GET /1.0/certificates Endpoint |
| CVE-2026-33514 | Discourse: Information Disclosure in Form Template API Due to Missing Authorization |
| CVE-2026-3358 | Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment |
| CVE-2026-3360 | Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter |
| CVE-2026-33631 | ClearanceKit: opfilter policy bypass via non-open file operations |
| CVE-2026-33632 | ClearanceKit: opfilter policy bypass via exchangedata and clone operations |
| CVE-2026-33638 | Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint |
| CVE-2026-33759 | AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents |
| CVE-2026-33761 | AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings |
| CVE-2026-33768 | Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path` |
| CVE-2026-33776 | Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information |
| CVE-2026-33785 | Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario |
| CVE-2026-33866 | Authorization Bypass in MLflow AJAX Endpoint |
| CVE-2026-33887 | Statamic allows unauthorized content access through missing authorization in its revision controllers |
| CVE-2026-33915 | OpenEMR Missing ACL Checks on Insurance Company API Routes |
| CVE-2026-33918 | OpenEMR Missing Authorization on Claim File Download Endpoint |
| CVE-2026-33934 | OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures |
| CVE-2026-33950 | signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity |
| CVE-2026-34042 | act: actions/cache server allows malicious cache injection |
| CVE-2026-34046 | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check |
| CVE-2026-34053 | OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler |
| CVE-2026-34154 | Discourse has a subscription access bypass in its discourse-subscriptions plugin |
| CVE-2026-34184 | Missing Authorization in Hydrosystem Control System |
| CVE-2026-34233 | CtrlPanel has Missing Authentication Checks in Datatable Admin Endpoints |
| CVE-2026-34245 | AVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking |
| CVE-2026-34247 | AVideo's IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False... |
| CVE-2026-34256 | Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) |
| CVE-2026-3426 | RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration Modification |
| CVE-2026-34261 | Missing Authorization check in SAP Business Analytics and SAP Content Management |
| CVE-2026-3431 | Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion |
| CVE-2026-3432 | Sim Studio AI - Unauthenticated OAuth Token Theft |
| CVE-2026-34358 | CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass |
| CVE-2026-34369 | AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification |
| CVE-2026-34395 | AVideo: Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php |
| CVE-2026-3445 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16... |
| CVE-2026-34837 | Zammad is miissing authorization in AI assistance controller for context data used in text tools |
| CVE-2026-3488 | WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Au... |
| CVE-2026-34899 | WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability |
| CVE-2026-34903 | WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2026-34976 | Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization |
| CVE-2026-3524 | Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check |
| CVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability |
| CVE-2026-35448 | WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php |
| CVE-2026-3550 | RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions |
| CVE-2026-35561 | Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver |
| CVE-2026-35598 | Vikunja has Missing Authorization on CalDAV Task Read |
| CVE-2026-35606 | File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check |
| CVE-2026-35620 | OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands |
| CVE-2026-35621 | OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence |
| CVE-2026-35631 | OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands |
| CVE-2026-3770 | SourceCodester Computer Laboratory Management System cross-site request forgery |
| CVE-2026-3829 | WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tamp... |
| CVE-2026-3831 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensi... |
| CVE-2026-3906 | WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API |
| CVE-2026-39348 | OrangeHRM is Missing Authorization Checks in AbstractFileController Subclasses Expose Job Specification and Vacancy Attachmen... |
| CVE-2026-39351 | Frappe allows unrestricted Doctype access via API exploit |
| CVE-2026-39355 | Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team... |
| CVE-2026-39360 | RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration |
| CVE-2026-39386 | Neko has Self-service Privilege Escalation for Authenticated Users |
| CVE-2026-39397 | @delmaredigital/payload-puc is missing authorization on /api/puck/* CRUD endpoints allows unauthenticated access to Puck-regi... |
| CVE-2026-39401 | Privilege Escalation via update_event Job Output in Cronicle |
| CVE-2026-39429 | kcp's cache server is accessible without authentication or authorization checks |
| CVE-2026-39432 | WordPress Timetics plugin <= 1.0.53 - Broken Access Control vulnerability |
| CVE-2026-39476 | WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability |
| CVE-2026-39477 | WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2026-39485 | WordPress Youtube Embed Plus plugin <= 14.2.4 - Broken Access Control vulnerability |
| CVE-2026-39488 | WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2026-39501 | WordPress FOX plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2026-39504 | WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability |
| CVE-2026-39505 | WordPress Seriously Simple Podcasting plugin <= 3.14.2 - Broken Access Control vulnerability |
| CVE-2026-39506 | WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability |
| CVE-2026-39509 | WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability |
| CVE-2026-39520 | WordPress weDocs plugin <= 2.1.18 - Broken Access Control vulnerability |
| CVE-2026-39528 | WordPress WP Delicious plugin <= 1.9.5 - Broken Access Control vulnerability |
| CVE-2026-39535 | WordPress Display Eventbrite Events plugin <= 6.5.6 - Broken Access Control vulnerability |
| CVE-2026-39543 | WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability |
| CVE-2026-39561 | WordPress Revive.so plugin <= 2.0.7 - Broken Access Control vulnerability |
| CVE-2026-39562 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.10 - Broken Access Control vulnerability |
| CVE-2026-39563 | WordPress Share This Image plugin <= 2.12 - Broken Access Control vulnerability |
| CVE-2026-39565 | WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability |
| CVE-2026-39569 | WordPress 12 Step Meeting List plugin <= 3.19.9 - Broken Access Control vulnerability |
| CVE-2026-39585 | WordPress Booktics plugin <= 1.0.16 - Broken Access Control vulnerability |
| CVE-2026-39588 | WordPress NM Gift Registry and Wishlist Lite plugin <= 5.13 - Broken Access Control vulnerability |
| CVE-2026-39592 | WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2026-39593 | WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2026-39602 | WordPress Order Tracking plugin <= 3.4.3 - Broken Access Control vulnerability |
| CVE-2026-39605 | WordPress Super Custom Login plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2026-39606 | WordPress BizReview plugin <= 1.5.13 - Broken Access Control vulnerability |
| CVE-2026-39607 | WordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerability |
| CVE-2026-39608 | WordPress iPOSpays Gateways WC plugin <= 1.3.7 - Broken Access Control vulnerability |
| CVE-2026-39609 | WordPress Wava Payment plugin <= 0.3.7 - Broken Access Control vulnerability |
| CVE-2026-39610 | WordPress WpXmas-Snow plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2026-39612 | WordPress KuteShop theme <= 4.2.9 - Arbitrary Shortcode Execution vulnerability |
| CVE-2026-39614 | WordPress JW Player for WordPress plugin <= 2.3.6 - Broken Access Control vulnerability |
| CVE-2026-3977 | projectsend AJAX Endpoints authorization |
| CVE-2026-39816 | Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService |
| CVE-2026-39967 | TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter |
| CVE-2026-4003 | Users manager – PN <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclos... |
| CVE-2026-40117 | PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate |
| CVE-2026-40132 | Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard) |
| CVE-2026-40133 | Missing Authorization check in SAP S/4HANA Condition Maintenance |
| CVE-2026-40134 | Missing Authorization Check in SAP Incentive and Commission Management |
| CVE-2026-40185 | Missing Authorization on Immich Trip Photo Routes in TREK |
| CVE-2026-40189 | goshs has a file-based ACL authorization bypass in goshs state-changing routes |
| CVE-2026-4019 | Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via... |
| CVE-2026-4024 | Royal Addons for Elementor <= 1.7.1056 - Missing Authorization to Unauthenticated Form Action Meta Modification |
| CVE-2026-40265 | Note Mark has Broken Access Control on Asset Download |
| CVE-2026-4029 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export |
| CVE-2026-4030 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion |
| CVE-2026-4031 | Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception |
| CVE-2026-40349 | Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true |
| CVE-2026-4038 | Aimogen Pro <= 2.7.5 - Unauthenticated Privilege Escalation via Arbitrary Function Call |
| CVE-2026-40474 | wger has Broken Access Control in the Global Gym Configuration Update Endpoint |
| CVE-2026-40480 | ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}` |
| CVE-2026-40502 | OpenHarness Remote Administrative Command Injection via Gateway Handler |
| CVE-2026-4056 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulat... |
| CVE-2026-4057 | Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal |
| CVE-2026-40570 | FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII |
| CVE-2026-40581 | ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion |
| CVE-2026-40592 | FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply |
| CVE-2026-40601 | Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle |
| CVE-2026-40623 | SenseLive X3050 Missing Authorization |
| CVE-2026-4063 | Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation |
| CVE-2026-4064 | Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticat... |
| CVE-2026-4065 | Smart Slider 3 <= 3.5.1.33 - Missing Authorization to Authenticated (Contributor+) Slider Data Read and Image Record Manipula... |
| CVE-2026-4066 | Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relat... |
| CVE-2026-40728 | WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability |
| CVE-2026-40729 | WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2026-40730 | WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability |
| CVE-2026-40740 | WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability |
| CVE-2026-40742 | WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability |
| CVE-2026-40763 | WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability |
| CVE-2026-40778 | WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2026-40786 | WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability |
| CVE-2026-40870 | Decidim's comments API allows access to all commentable resources |
| CVE-2026-40937 | RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webh... |
| CVE-2026-4094 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configu... |
| CVE-2026-40976 | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. Fo... |
| CVE-2026-4100 | Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Proc... |
| CVE-2026-4109 | Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated... |
| CVE-2026-41128 | Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action |
| CVE-2026-4117 | CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action |
| CVE-2026-4119 | Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion v... |
| CVE-2026-41192 | FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments |
| CVE-2026-4124 | Ziggeo <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action |
| CVE-2026-41266 | Flowise: Sensitive Data Leak in public-chatbotConfig |
| CVE-2026-4127 | Speedup Optimization <= 1.5.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via 'speedup01_en... |
| CVE-2026-4128 | TP Restore Categories And Taxonomies <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Taxonomy Deletion via 't... |
| CVE-2026-41298 | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint |
| CVE-2026-41315 | mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Inject... |
| CVE-2026-41349 | OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch |
| CVE-2026-41352 | OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass |
| CVE-2026-41378 | OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node.event Agent Dispatch |
| CVE-2026-41382 | OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps |
| CVE-2026-41394 | OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth Routes |
| CVE-2026-41454 | WeKan < 8.35 Missing Authorization via Integration REST API |
| CVE-2026-41464 | ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php |
| CVE-2026-41477 | Deskflow: Local privilege escalation via unauthenticated IPC |
| CVE-2026-41498 | Kimai: Team API Missing Object-Level Authorization |
| CVE-2026-4162 | Gravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall |
| CVE-2026-41658 | Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items |
| CVE-2026-41679 | Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass |
| CVE-2026-4202 | Broken Access Control in extension "Redirect Tab" |
| CVE-2026-42051 | Kirby: System API endpoint leaks license data and installed version to authenticated users |
| CVE-2026-42069 | Kirby: Read access to site, user and role information is not gated by permissions |
| CVE-2026-42137 | Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialo... |
| CVE-2026-42174 | Kirby: User avatar creation, replacement and deletion are not gated by user update permissions |
| CVE-2026-42226 | n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay |
| CVE-2026-42228 | n8n: Hijacking of Unauthenticated Chat Execution |
| CVE-2026-42297 | Argo Workflows Is Missing Authorization in Sync ConfigMap Provider |
| CVE-2026-42377 | WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability |
| CVE-2026-42412 | WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2026-42433 | OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools |
| CVE-2026-42436 | OpenClaw < 2026.4.14 - Internal Page Content Exposure via Browser Snapshot and Screenshot Routes |
| CVE-2026-42439 | OpenClaw < 2026.4.10 - SSRF Policy Bypass in Browser Tabs Action Routes |
| CVE-2026-42461 | Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets) |
| CVE-2026-42541 | Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call |
| CVE-2026-42569 | phpvms: /importer authorization bypass causing full database wipe |
| CVE-2026-4261 | Expire Users <= 1.2.2 - Authenticated (Subscriber+) Privilege Escalation to Administrator via save_extra_user_profile_fields |
| CVE-2026-42613 | Grav: Privilege Escalation via Missing Server-Side Validation of groups/access |
| CVE-2026-42642 | WordPress GiveWP plugin <= 4.14.5 - Broken Access Control vulnerability |
| CVE-2026-42648 | WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability |
| CVE-2026-4277 | Privilege abuse in GenericInlineModelAdmin |
| CVE-2026-42809 | Apache Polaris: staged table creation could vend storage credentials for unvalidated locations |
| CVE-2026-4281 | FormLift for Infusionsoft Web Forms <= 7.5.21 - Missing Authorization to Unauthenticated Infusionsoft Connection Hijack via O... |
| CVE-2026-4283 | WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users |
| CVE-2026-4292 | Privilege abuse in ModelAdmin.list_editable |
| CVE-2026-4299 | MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API |
| CVE-2026-4301 | Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating... |
| CVE-2026-4309 | Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device informatio... |
| CVE-2026-4326 | Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and... |
| CVE-2026-4331 | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Pos... |
| CVE-2026-43567 | OpenClaw < 2026.4.10 - Path Traversal in screen_record outPath Parameter |
| CVE-2026-43568 | OpenClaw 2026.4.5 < 2026.4.10 - Privilege Escalation via Memory Dreaming Configuration in /dreaming Endpoint |
| CVE-2026-43572 | OpenClaw 2026.4.10 < 2026.4.14 - Missing Sender Authorization in Microsoft Teams SSO Invoke Handler |
| CVE-2026-43573 | OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes |
| CVE-2026-43575 | OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route |
| CVE-2026-43577 | OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes |
| CVE-2026-43579 | OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes |
| CVE-2026-43580 | OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions |
| CVE-2026-43583 | OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery |
| CVE-2026-4362 | ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite |
| CVE-2026-43638 | Bitwarden Server < 2026.4.1 Missing Authorization via Organization Cipher Import |
| CVE-2026-43639 | Bitwarden Server < 2026.4.0 Missing Authorization via Provider Clients |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion |
| CVE-2026-43885 | WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization |
| CVE-2026-44010 | Craft CMS: Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure |
| CVE-2026-44012 | Craft CMS: Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure |
| CVE-2026-44125 | Missing Authorization in GINAv2 |
| CVE-2026-4432 | YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR |
| CVE-2026-44392 | Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privi... |
| CVE-2026-44442 | ERPNext: Unauthorised Document modification due to missing validation |
| CVE-2026-44448 | ERPNext: Unauthorised Document modification due to missing validation |
| CVE-2026-44482 | soundcloud-rpc: Remote Code Execution via XSS in Track Title |
| CVE-2026-44550 | Open WebUI: Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts |
| CVE-2026-44554 | Open WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite |
| CVE-2026-44555 | Open WebUI: Base Model Routing Bypasses Access Control via Model Chaining |
| CVE-2026-44556 | Open WebUI: responses passthrough endpoint lacks access control authorization |
| CVE-2026-44558 | Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants |
| CVE-2026-44559 | Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels |
| CVE-2026-44560 | Open WebUI: Unauthorized File and Knowledge Base Content Access via RAG Vector Search |
| CVE-2026-44562 | Open WebUI: Model Import Overwrites Any Model Without Ownership Check |
| CVE-2026-44563 | Open WebUI: Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show |
| CVE-2026-44569 | Open WebUI: Insecure Message Access Breaks Authorization |
| CVE-2026-44571 | Open WebUI: Improper Authorization in Standard Channels Allows Message Updates with Read Permission |
| CVE-2026-44592 | Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning |
| CVE-2026-44718 | Mathesar: Missing collaborator checks allowed access to saved explorations in other databases |
| CVE-2026-44719 | Mathesar: Missing collaborator checks allowed access to database-scoped Mathesar metadata |
| CVE-2026-4484 | Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator |
| CVE-2026-44994 | OpenClaw < 2026.4.22 - Authentication Bypass in Gateway Control UI Bootstrap Config Endpoint |
| CVE-2026-45001 | OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access |
| CVE-2026-45007 | phpMyFAQ - Missing Permission Check on 12 Configuration API Endpoints Allows Information Disclosure |
| CVE-2026-45147 | SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk |
| CVE-2026-45210 | WordPress Broadstreet Ads plugin <= 1.52.2 - Broken Access Control vulnerability |
| CVE-2026-45212 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.4.0.3 - Broken Access Control vulnerability |
| CVE-2026-45242 | Summarize < 0.15.1 Path Traversal via slidesDir Parameter |
| CVE-2026-45243 | Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script |
| CVE-2026-45244 | Summarize < 0.15.1 Unapproved Browser Automation Execution |
| CVE-2026-45350 | Open WebUI: Chat completion API allows tool restrictions to be bypassed |
| CVE-2026-45371 | SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs |
| CVE-2026-45395 | Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Executi... |
| CVE-2026-45399 | Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disrup... |
| CVE-2026-45442 | WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability |
| CVE-2026-45443 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability |
| CVE-2026-45667 | Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS) |
| CVE-2026-4590 | kalcaddle kodbox loginSubmit API index.class.php cross-site request forgery |
| CVE-2026-4607 | ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification |
| CVE-2026-4609 | ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining |
| CVE-2026-46365 | phpMyFAQ - Missing Authorization in Tag Deletion Endpoint |
| CVE-2026-4650 | FundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status... |
| CVE-2026-4666 | wpForo Forum <= 2.4.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Forum Post Modification via 'guestpos... |
| CVE-2026-4683 | Smartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update |
| CVE-2026-47100 | Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX |
| CVE-2026-4807 | Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion |
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Fie... |
| CVE-2026-4818 | Some management operations on data streams are not properly restricted when user does not have the necessary privileges |
| CVE-2026-4843 | GSheet For Woo Importer <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset |
| CVE-2026-4916 | Missing Authorization in GitLab |
| CVE-2026-4925 | Improper access control in the users MFA feature in Devolutions Server allows an authenticated user to bypass administrator-e... |
| CVE-2026-4949 | ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription |
| CVE-2026-4968 | SourceCodester Diary App diary.php cross-site request forgery |
| CVE-2026-4971 | SourceCodester Note Taking App cross-site request forgery |
| CVE-2026-4977 | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter |
| CVE-2026-5022 | Langflow - Missing Authorization on download_image Endpoint |
| CVE-2026-5025 | Langflow - Application Logs Exposed to All Authenticated Users |
| CVE-2026-5146 | Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to... |
| CVE-2026-5163 | Missing authorization check in AI message rewrite endpoint allows access to private thread content |
| CVE-2026-5175 | Improper access control in the multi-factor authentication (MFA) management API in Devolutions Server allows an authenticated... |
| CVE-2026-5200 | AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router' |
| CVE-2026-5294 | GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX A... |
| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter |
| CVE-2026-5371 | MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin In... |
| CVE-2026-5387 | AVEVA Pipeline Simulation Missing Authorization |
| CVE-2026-5427 | Kubio AI Page Builder <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block At... |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process |
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Actio... |
| CVE-2026-5502 | Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order |
| CVE-2026-5572 | Technostrobe HI-LED-WR120-G2 cross-site request forgery |
| CVE-2026-5574 | Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization |
| CVE-2026-5624 | ProjectSend upload.php cross-site request forgery |
| CVE-2026-5693 | Smart Appointment & Booking <= 1.0.8 - Missing Authorization to Unauthenticated Arbitrary Booking Cancellation |
| CVE-2026-5753 | All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup S... |
| CVE-2026-5944 | Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access |
| CVE-2026-6109 | FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery |
| CVE-2026-6145 | User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Paramet... |
| CVE-2026-6214 | Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via formin... |
| CVE-2026-6222 | Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'formi... |
| CVE-2026-6235 | Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests |
| CVE-2026-6372 | WordPress Accept Cryptocurrencies with Plisio plugin <= 2.0.5 - Payment Bypass vulnerability |
| CVE-2026-6393 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage |
| CVE-2026-6441 | Canto <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Setting Modification |
| CVE-2026-6472 | PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege |
| CVE-2026-6506 | InfusedWoo Pro <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta U... |
| CVE-2026-6510 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe' |
| CVE-2026-6512 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters |
| CVE-2026-6589 | ComfyUI server.py create_origin_only_middleware cross-site request forgery |
| CVE-2026-6663 | GWD Connect <= 2.9 - Unauthenticated Limited Code Execution via update_agent |
| CVE-2026-6667 | PgBouncer missing authorization check in KILL_CLIENT admin command |
| CVE-2026-6703 | Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions |
| CVE-2026-6706 | Improper access control in the vault documentation feature in Devolutions Server allows an authenticated attacker to read d... |
| CVE-2026-6708 | HEL Online Classroom: AI-powered Online Classrooms <= 1.0.3 - Missing Authorization to Unauthenticated Arbitrary Classroom De... |
| CVE-2026-6709 | Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via... |
| CVE-2026-6834 | aEnrich|a+HRD - Missing Authorization |
| CVE-2026-6883 | Missing Authorization in GitLab |
| CVE-2026-6963 | WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_p... |
| CVE-2026-7050 | Forms Rb <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via 'form_id' Parameter |
| CVE-2026-7051 | Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitr... |
| CVE-2026-7108 | code-projects Invoice System in Laravel cross-site request forgery |
| CVE-2026-7249 | Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purgi... |
| CVE-2026-7525 | My Calendar <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication via 'event_approved' P... |
| CVE-2026-7563 | Classified Listing <= 5.3.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via add_order_note... |
| CVE-2026-7879 | Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password() |
| CVE-2026-8077 | Weak credentials vulnerability in the CashDro 3 web administration panel |
| CVE-2026-8096 | Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_a... |
| CVE-2026-8144 | Missing Authorization in GitLab |
| CVE-2026-8194 | osTicket Dispatcher class.dispatcher.php cross-site request forgery |
| CVE-2026-8236 | Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate for endpoint /ccm/system/dialo... |
| CVE-2026-8237 | Concrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpoint |
| CVE-2026-8238 | Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/message_page' allowing unauthenticated rea... |
| CVE-2026-8239 | Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating' |
| CVE-2026-8381 | Broken Access Control in TeamViewer DEX Platform (On Premises) |
| CVE-2026-8407 | Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no addition... |
| CVE-2026-8495 | Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037 |
| CVE-2026-8610 | TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification v... |
| CVE-2026-8681 | Essential Chat Support <= 1.0.1 - Missing Authorization to Unauthenticated Settings Reset via 'ecs_reset_settings' Parameter |
| CVE-2026-8684 | MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_upd... |
| CVE-2026-8692 | Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_... |
| CVE-2026-9011 | Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action |
| CVE-2026-9224 | Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user... |
| CVE-2026-9246 | Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user... |
| CVE-2026-9251 | Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated u... |
| CVE-2026-9255 | Tool Execution Without Authorization via Piped Stdin in Kiro CLI |
| CVE-2026-9284 | WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure |
| CVE-2026-9303 | calcom cal.diy cross-site request forgery |
| CVE-2026-9350 | NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization |
| CVE-2026-25370 | WordPress WP Compress plugin <= 6.60.28 - Broken Access Control vulnerability |
| CVE-2026-25372 | WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2026-25374 | WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2026-25375 | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability |
| CVE-2026-25384 | WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability |
| CVE-2026-25386 | WordPress Ally plugin <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2026-25387 | WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2026-25388 | WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability |
| CVE-2026-25390 | WordPress New User Approve plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2026-25391 | WordPress WP Wand plugin <= 1.3.07 - Broken Access Control vulnerability |
| CVE-2026-25393 | WordPress Hello FSE theme <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2026-25394 | WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2026-25395 | WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2026-25396 | WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability |
| CVE-2026-25398 | WordPress Vertex Addons for Elementor plugin <= 1.6.4 - Broken Access Control vulnerability |
| CVE-2026-25399 | WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2026-25401 | WordPress WPCargo Track & Trace plugin <= 8.0.2 - Broken Access Control vulnerability |
| CVE-2026-25402 | WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability |
| CVE-2026-25404 | WordPress WP Job Manager plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2026-25407 | WordPress Cookiebot plugin <= 4.6.4 - Broken Access Control vulnerability |
| CVE-2026-25408 | WordPress Broken Link Notifier plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2026-25409 | WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2026-25410 | WordPress WP-CORS plugin <= 0.2.2 - Broken Access Control vulnerability |
| CVE-2026-25415 | WordPress WPBookit Pro plugin <= 1.6.18 - Broken Access Control vulnerability |
| CVE-2026-25416 | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2026-25419 | WordPress UpsellWP plugin <= 2.2.5 - Broken Access Control vulnerability |
| CVE-2026-25420 | WordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerability |
| CVE-2026-25423 | WordPress Real 3D FlipBook plugin <= 4.19.1 - Broken Access Control vulnerability |
| CVE-2026-25430 | WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Contr... |
| CVE-2026-25437 | WordPress GZSEO plugin <= 2.0.14 - Broken Access Control vulnerability |
| CVE-2026-25441 | WordPress LeadConnector plugin <= 3.0.21 - Broken Access Control vulnerability |
| CVE-2026-25443 | WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability |
| CVE-2026-25454 | WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability |
| CVE-2026-25455 | WordPress Product Slider for WooCommerce plugin <= 1.13.61 - Broken Access Control vulnerability |
| CVE-2026-25456 | WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability |
| CVE-2026-25459 | WordPress Sober theme <= 3.5.12 - Broken Access Control vulnerability |
| CVE-2026-25460 | WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability |
| CVE-2026-25462 | WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability |
| CVE-2026-25469 | WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability |
| CVE-2026-25473 | WordPress WZone plugin <= 14.0.31 - Broken Access Control vulnerability |
| CVE-2026-33685 | AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data |
| CVE-2026-33708 | Chamilo LMS has REST API PII Exposure via get_user_info_from_username |
| CVE-2026-33712 | TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls |
| CVE-2026-34722 | Zammad is missing authorization in ticket create endpoint |
| CVE-2026-34737 | AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug |
| CVE-2026-3475 | Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter |
| CVE-2026-34759 | OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SM... |
| CVE-2026-34766 | Electron: USB device selection not validated against filtered device list |
| CVE-2026-3477 | PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter |
| CVE-2026-34782 | Zammad has improper access control in AI assistance controller for text tools |
| CVE-2026-3480 | WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Pa... |
| CVE-2026-35033 | Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection |
| CVE-2026-3506 | WP-Chatbot for Messenger <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover |
| CVE-2026-35061 | Anviz Products Missing Authorization |
| CVE-2026-35063 | Missing Authorization in OpenPLC_V3 |
| CVE-2026-35175 | Ajenti has an authorization bypass during custom package installation |
| CVE-2026-35179 | WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php |
| CVE-2026-35182 | Missing Authorization Privilege Escalation |
| CVE-2026-32541 | WordPress Premmerce Redirect Manager plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2026-32543 | WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2026-32546 | WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability |
| CVE-2026-32562 | WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability |
| CVE-2026-32565 | WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability |
| CVE-2026-32583 | WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability |
| CVE-2026-32586 | WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability |
| CVE-2026-32587 | WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability |
| CVE-2026-33161 | Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users |
| CVE-2026-33162 | Craft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permis... |
| CVE-2026-33177 | Statamic is missing authorization check on taxonomy term creation via fieldtype |
| CVE-2026-33214 | Weblate has improper access control for the translation memory API |
| CVE-2026-33229 | XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API |
| CVE-2026-33290 | WPGraphQL Repo's updateComment allows low-privileged authenticated users to change comment moderation status (comment_approve... |
| CVE-2026-33304 | OpenEMR has Authorization Bypass in Dated Reminders Log |
| CVE-2026-33305 | OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor |
| CVE-2026-33316 | Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement |
| CVE-2026-33318 | Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers |
| CVE-2026-3335 | Canto <= 3.1.1 - Missing Authorization to Unauthenticated File Upload |
| CVE-2026-33353 | Soft Serve: Authenticated repo import can clone server-local private repositories |
| CVE-2026-33357 | Meari OpenAPI device status IDOR |
| CVE-2026-33359 | Meari unauthenticated alert image access in cloud object storage |
| CVE-2026-33408 | Discourse has Improper Authorization in "Post Edits" Report For Moderators |
| CVE-2026-33413 | etcd: Authorization bypasses in multiple APIs |
| CVE-2026-33420 | Vaultwarden missing authorization check allows Manager-role users to enumerate all collections |
| CVE-2026-33423 | Discourse staff can modify any user's group notification level |
| CVE-2026-33425 | Discourse has inferable private group membership or existence via exclude_groups parameter |
| CVE-2026-33426 | Discourse users can edit or synonymize hidden tags they can't see |
| CVE-2026-33427 | Discourse Authorization Page Displays Unvalidated Redirect Domain |
| CVE-2026-33470 | Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id... |
| CVE-2026-35660 | OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset |
| CVE-2026-35662 | OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action |
| CVE-2026-3567 | RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_set... |
| CVE-2026-3569 | Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint |
| CVE-2026-3570 | Smarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter |
| CVE-2026-3571 | Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Regist... |
| CVE-2026-3581 | Basic Google Maps Placemarks <= 1.10.7 - Missing Authorization to Unauthenticated Default Map Coordinate Update |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope |
| CVE-2026-3595 | Riaxe Product Customizer <= 2.1.2 - Unauthenticated Arbitrary User Deletion via 'user_id' Parameter |
| CVE-2026-3596 | Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation... |
| CVE-2026-3601 | User Registration & Membership <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Limited Page Content Modifica... |
| CVE-2026-3614 | AcyMailing 9.11.0 - 10.8.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2026-3637 | Mattermost fails to enforce create_post permission when editing posts |
| CVE-2026-3638 | Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-pri... |
| CVE-2026-3642 | e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX |
| CVE-2026-3645 | Punnel <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update via 'punnel_save_config' AJAX Action |
| CVE-2026-3646 | LTL Freight Quotes – R+L Carriers Edition <= 3.3.13 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2026-3649 | Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'kat... |
| CVE-2026-3651 | Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-... |
| CVE-2026-39622 | WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability |
| CVE-2026-39624 | WordPress Biolife theme <= 3.2.3 - Arbitrary Shortcode Execution vulnerability |
| CVE-2026-39627 | WordPress Ashe theme <= 2.266 - Broken Access Control vulnerability |
| CVE-2026-39631 | WordPress WPSchoolPress plugin <= 2.2.35 - Broken Access Control vulnerability |
| CVE-2026-39637 | WordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerability |
| CVE-2026-39639 | WordPress RPS Include Content plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2026-39643 | WordPress Payment Plugins for PayPal WooCommerce plugin <= 2.0.13 - Broken Access Control vulnerability |
| CVE-2026-39644 | WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2026-39648 | WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability |
| CVE-2026-39649 | WordPress Royale News theme <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2026-39650 | WordPress UnitechPay plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2026-39651 | WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability |
| CVE-2026-23541 | WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability |
| CVE-2026-23543 | WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability |
| CVE-2026-23545 | WordPress Aruba HiSpeed Cache plugin <= 3.0.4 - Broken Access Control vulnerability |
| CVE-2026-23547 | WordPress CMSMasters Content Composer plugin <= 2.5.8 - Broken Access Control vulnerability |
| CVE-2026-23548 | WordPress DirectoryPress plugin <= 3.6.25 - Broken Access Control vulnerability |
| CVE-2026-39652 | WordPress iGMS Direct Booking plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2026-39653 | WordPress Video Conferencing with Zoom plugin <= 4.6.6 - Broken Access Control vulnerability |
| CVE-2026-39656 | WordPress Razorpay for WooCommerce plugin <= 4.8.2 - Broken Access Control vulnerability |
| CVE-2026-39657 | WordPress leadlovers forms plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2026-39658 | WordPress Panda Pods Repeater Field plugin <= 1.5.12 - Broken Access Control vulnerability |
| CVE-2026-39659 | Без описания... |
| CVE-2026-39660 | Без описания... |
| CVE-2026-39662 | WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability |
| CVE-2026-39663 | WordPress TrueBooker plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2026-39664 | WordPress Leadrebel plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2026-39668 | WordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2026-39669 | WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability |
| CVE-2026-39672 | WordPress ShipTime: Discounted Shipping Rates plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2026-39673 | WordPress iZooto plugin <= 3.7.20 - Broken Access Control vulnerability |
| CVE-2026-39675 | WordPress Court Reservation plugin <= 1.10.11 - Broken Access Control vulnerability |
| CVE-2026-39676 | WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability |
| CVE-2026-39678 | WordPress Pinpoint Booking System plugin <= 2.9.9.6.5 - Broken Access Control vulnerability |
| CVE-2026-39680 | WordPress Diet Calorie Calculator plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2026-39682 | WordPress linkPizza-Manager plugin <= 5.5.5 - Broken Access Control vulnerability |
| CVE-2026-39685 | WordPress The Moneytizer plugin <= 10.0.10 - Broken Access Control vulnerability |
| CVE-2026-39687 | WordPress Rapid Car Check Vehicle Data plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2026-39688 | WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2026-39689 | WordPress eShipper Commerce plugin <= 2.16.12 - Broken Access Control vulnerability |
| CVE-2026-39690 | WordPress Author Avatars List/Block plugin <= 2.1.25 - Broken Access Control vulnerability |
| CVE-2026-39691 | WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 2.2.13 - Broken Access Control vulnerability |
| CVE-2026-39694 | WordPress Simply Schedule Appointments plugin <= 1.6.10.2 - Broken Access Control vulnerability |
| CVE-2026-39697 | WordPress MAIO – The new AI GEO / SEO tool plugin <= 6.2.8 - Broken Access Control vulnerability |
| CVE-2026-39698 | WordPress The Publisher Desk ads.txt plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2026-39699 | WordPress AI Workflow Automation plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2026-39700 | WordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerability |
| CVE-2026-39701 | WordPress ShopWP plugin <= 5.2.4 - Broken Access Control vulnerability |
| CVE-2026-39704 | WordPress Precious Metals Automated Product Pricing – Pro plugin <= 4.0.5 - Broken Access Control vulnerability |
| CVE-2026-39705 | WordPress MIPL WC Multisite Sync plugin <= 1.4.4 - Broken Access Control vulnerability |
| CVE-2026-39706 | WordPress Make My Trivia plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2026-39707 | WordPress Accept PayPal Payments using Contact Form 7 plugin <= 4.0.4 - Broken Access Control vulnerability |
| CVE-2026-39713 | WordPress Mailercloud – Integrate webforms and synchronize website contacts plugin <= 1.0.7 - Broken Access Control vulnerabi... |
| CVE-2026-39714 | WordPress G5Plus April theme <= 6.8 - Broken Access Control vulnerability |
| CVE-2026-39715 | WordPress AnyTrack Affiliate Link Manager plugin <= 1.5.5 - Broken Access Control vulnerability |
| CVE-2026-39716 | WordPress Flipmart theme <= 2.8 - Broken Access Control vulnerability |
НКЦКИ уязвимости
Бюллетени НКЦКИ - уязвимости ПО
| Идентификатор | Дата бюллетеня | Описание |
|---|---|---|
| VULN:20230724-11 | 24.07.2023 | Обход безопасности в NETGEAR NMS300 |
| VULN:20231122-29 | 22.11.2023 | Выполнение произвольного кода в NEC Corporation EXPRESSCLUSTER X and EXPRESSCLUSTER SingleServerSafe |
| VULN:20240126-19 | 26.01.2024 | Выполнение произвольного кода в GoAnywhere MFT |
| VULN:20240320-6 | 20.03.2024 | Получение конфиденциальной информации в Chrome OS |
| VULN:20240403-1 | 03.04.2024 | Выполнение произвольного кода в Anyscale Ray |
| VULN:20240419-26 | 19.04.2024 | Обход безопасности в Oracle Linux |
| VULN:20240517-65 | 17.05.2024 | Повышение привилегий в macOS |
| VULN:20240605-22 | 05.06.2024 | Перезапись произвольных файлов в Unifier |
| VULN:20241202-86 | 02.12.2024 | Выполнение произвольного кода в NVIDIA Base Command Manager |
| VULN:20241213-111 | 13.12.2024 | Получение конфиденциальной информации в Schneider Electric EcoStruxure IT Gateway |
| VULN:20241227-40 | 27.12.2024 | Выполнение произвольного кода в Dell Hybrid Client |
| VULN:20250110-42 | 10.01.2025 | Перезапись произвольных файлов в Junos Space |
| VULN:20250430-17 | 30.04.2025 | Получение конфиденциальной информации в Flynax Bridge plugin for WordPress |
| VULN:20250625-26 | 25.06.2025 | Чтение локальных файлов в Adobe Commerce and Magento Open Source |
| VULN:20251031-5 | 31.10.2025 | Получение конфиденциальной информации в Zyxel firewalls |
| VULN:20251031-65 | 31.10.2025 | Получение конфиденциальной информации в Junos Space Security Director |
| VULN:20251124-65 | 24.11.2025 | Обход безопасности в Junos Space Security Director |
| VULN:20260223-9 | 23.02.2026 | Повышение привилегий в Apple macOS Tahoe |
| VULN:20260506-2 | 06.05.2026 | Выполнение произвольного кода в Cisco Evolved Programmable Network Manager |
| VULN:20260526-65 | 26.05.2026 | Выполнение произвольного кода в FortiSandbox |
| VULN:20260526-92 | 26.05.2026 | Повышение привилегий в Microsoft Windows Admin Center |
| VULN:20260603-8 | 03.06.2026 | Получение конфиденциальной информации в Date iCal module for Drupal |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.