Export limit exceeded: 11266 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11266 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1122 | 1 Themewinter | 1 Eventin | 2026-04-08 | 5.3 Medium |
| The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | ||||
| CVE-2024-1110 | 1 Podlove | 1 Podlove Podcast Publisher | 2026-04-08 | 5.3 Medium |
| The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. | ||||
| CVE-2024-7624 | 1 Zephyr-one | 1 Zephyr Project Manager | 2026-04-08 | 8.1 High |
| The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings. | ||||
| CVE-2024-13520 | 1 Codemenschen | 1 Gift Vouchers | 2026-04-08 | 5.3 Medium |
| The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.9. This makes it possible for unauthenticated attackers to update the value, expiration date, and user note for any gift voucher. | ||||
| CVE-2024-13449 | 1 Ibsofts | 1 Boom Fest | 2026-04-08 | 4.3 Medium |
| The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website. | ||||
| CVE-2024-11583 | 1 Visualmodo | 1 Borderless | 2026-04-08 | 4.3 Medium |
| The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded. | ||||
| CVE-2024-11133 | 2 Imithemes, Wordpress | 2 Eventer, Wordpress | 2026-04-08 | 5.3 Medium |
| The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9.5. This makes it possible for unauthenticated attackers to download event tickets. | ||||
| CVE-2024-13677 | 1 Istmoplugins | 1 Get Bookings Wp | 2026-04-08 | 8.8 High |
| The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | ||||
| CVE-2024-0983 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2026-04-08 | 4.3 Medium |
| The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization. | ||||
| CVE-2024-0907 | 1 Basixonline | 1 Nex-forms | 2026-04-08 | 5.3 Medium |
| The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records. | ||||
| CVE-2024-0893 | 2 Hunch Manifest, Schemaapp | 2 Schema App Structured Data, Schema App Structured Data | 2026-04-08 | 4.3 Medium |
| The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata. | ||||
| CVE-2024-0869 | 1 Connekthq | 1 Instant Images - One Click Unsplash Uploads | 2026-04-08 | 8.8 High |
| The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. CVE-2024-33569 appears to be a duplicate of this issue. | ||||
| CVE-2024-0797 | 1 Pluginus | 1 Woot | 2026-04-08 | 4.3 Medium |
| The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use. | ||||
| CVE-2024-0791 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2026-04-08 | 4.3 Medium |
| The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms. | ||||
| CVE-2024-0593 | 1 Presstigers | 1 Simple Job Board | 2026-04-08 | 5.3 Medium |
| The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. | ||||
| CVE-2024-0451 | 1 Quantumcloud | 1 Wpbot | 2026-04-08 | 5 Medium |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account. | ||||
| CVE-2024-0385 | 1 Frenify | 1 Categorify | 2026-04-08 | 4.3 Medium |
| The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories. | ||||
| CVE-2024-0372 | 1 Formviewswp | 1 Views For Wpforms | 2026-04-08 | 4.3 Medium |
| The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | ||||
| CVE-2024-0324 | 1 Cozmoslabs | 1 Profile Builder | 2026-04-08 | 8.2 High |
| The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. | ||||
| CVE-2023-6985 | 1 10web | 1 Ai Assistant | 2026-04-08 | 6.5 Medium |
| The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. | ||||