Export limit exceeded: 357661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8136 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10674 | 1 Themehunk | 1 Th Shop Mania | 2026-04-15 | 8.8 High |
| The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. | ||||
| CVE-2024-10673 | 1 Themehunk | 1 Top Store | 2026-04-15 | 8.8 High |
| The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution. | ||||
| CVE-2024-10665 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete logs. | ||||
| CVE-2024-10664 | 2026-04-15 | 4.3 Medium | ||
| The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database. | ||||
| CVE-2024-10663 | 2026-04-15 | 4.3 Medium | ||
| The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason. | ||||
| CVE-2024-10629 | 1 Devfarm | 1 Wp Gpx Maps | 2026-04-15 | 8.8 High |
| The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-10589 | 1 Nouthemese | 1 Leopard | 2026-04-15 | 9.8 Critical |
| The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-10588 | 2 Eugenbobrowski, Wordpress | 2 Debug Tool, Wordpress | 2026-04-15 | 4.3 Medium |
| The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. | ||||
| CVE-2024-10586 | 1 Eugenbobrowski | 1 Debug Tool | 2026-04-15 | 9.8 Critical |
| The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue. | ||||
| CVE-2024-10092 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2026-04-15 | 4.3 Medium |
| The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones. | ||||
| CVE-2024-0629 | 2026-04-15 | 5.3 Medium | ||
| The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid. | ||||
| CVE-2024-34758 | 2 Wordpress, Wpmet | 2 Wordpress, Wp Fundraising Donation And Crowdfunding Platform | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4. | ||||
| CVE-2024-34768 | 2 Fastly, Wordpress | 2 Fastly, Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | ||||
| CVE-2025-53485 | 2026-04-15 | 7.5 High | ||
| SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
| CVE-2025-53495 | 2026-04-15 | 9.1 Critical | ||
| Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. | ||||
| CVE-2024-34803 | 1 Fastly | 1 Fastly | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25. | ||||
| CVE-2024-34804 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8. | ||||
| CVE-2025-53499 | 2026-04-15 | 9.1 Critical | ||
| Missing Authorization vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Unauthorized Access.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2. | ||||
| CVE-2024-34820 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1. | ||||
| CVE-2023-7306 | 2 Najeebmedia, Wordpress | 2 Frontend File Manager Plugin, Wordpress | 2026-04-15 | 7.5 High |
| The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts. | ||||