Search Results (11266 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4223 | 1 Themeum | 1 Tutor Lms | 2026-04-08 | 9.8 Critical |
| The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data. | ||||
| CVE-2024-4088 | 1 Wpattire | 1 Attire Blocks | 2026-04-08 | 4.3 Medium |
| The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access or above, to change the plugin's settings. Additionally, no nonce check is performed resulting in a CSRF vulnerability. | ||||
| CVE-2024-3893 | 2 Radiustheme, Techlabpro1 | 2 Classified Listing, Classified Listing Plugin | 2026-04-08 | 4.3 Medium |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments. | ||||
| CVE-2024-3609 | 1 Wpdeveloper | 1 Reviewx | 2026-04-08 | 4.3 Medium |
| The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments. | ||||
| CVE-2024-3607 | 1 Wp-property-hive | 1 Propertyhive | 2026-04-08 | 4.3 Medium |
| The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. | ||||
| CVE-2024-3606 | 1 Metagauss | 1 Profilegrid | 2026-04-08 | 4.3 Medium |
| The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated attackers, with subscriber access or higher, to delete attachments. | ||||
| CVE-2024-3601 | 1 Ays-pro | 1 Poll Maker | 2026-04-08 | 5.3 Medium |
| The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email addresses by enumerating them one character at a time. | ||||
| CVE-2024-3600 | 1 Ays-pro | 1 Poll Maker | 2026-04-08 | 7.2 High |
| The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page. | ||||
| CVE-2024-3553 | 1 Themeum | 1 Tutor Lms | 2026-04-08 | 6.5 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled. | ||||
| CVE-2024-3216 | 1 Webtoffee | 1 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels | 2026-04-08 | 5.3 Medium |
| The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible for unauthenticated attackers to reset all of the plugin's settings. | ||||
| CVE-2024-3213 | 1 Relevanssi | 1 Relevanssi | 2026-04-08 | 5.3 Medium |
| The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead to DoS. | ||||
| CVE-2024-2844 | 2 Easy-appointments, Easyappointments | 2 Easy Appointments, Easyappointments | 2026-04-08 | 4.3 Medium |
| The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users' orders. | ||||
| CVE-2024-2473 | 1 Wpserveur | 1 Wps Hide Login | 2026-04-08 | 5.3 Medium |
| The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. | ||||
| CVE-2024-2017 | 1 Edmonsoft | 1 Countdown Builder | 2026-04-08 | 5.4 Medium |
| The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns. | ||||
| CVE-2024-1955 | 1 Wprepublic | 1 Hide Dashboard Notifications | 2026-04-08 | 4.3 Medium |
| The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings. | ||||
| CVE-2024-1937 | 1 Brizy | 1 Brizy | 2026-04-08 | 7.1 High |
| The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to modify the content of arbitrary published posts, which includes the ability to insert malicious JavaScript. | ||||
| CVE-2024-1861 | 1 Billminozzi | 1 Anti Hacker | 2026-04-08 | 4.3 Medium |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table. | ||||
| CVE-2024-1851 | 1 Servit | 1 Affiliate-toolkit | 2026-04-08 | 6.3 Medium |
| The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as creating product lists. | ||||
| CVE-2024-1778 | 1 Zestard | 1 Admin Side Data Storage For Contact Form 7 | 2026-04-08 | 4.3 Medium |
| The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses. | ||||
| CVE-2024-1652 | 1 Frenify | 1 Categorify | 2026-04-08 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories. | ||||