Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7644 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-51660 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in Zakaria Binsaifullah Easy Accordion Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Accordion Gutenberg Block: from n/a through 1.2.3.
CVE-2025-29013 1 Wordpress 1 Wordpress 2025-07-13 5.4 Medium
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9.
CVE-2025-30605 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in ldwin79 sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects sourceplay-navermap: from n/a through 0.0.2.
CVE-2024-49698 2 Pricelisto, Wordpress 2 Best Restaurant Menu By Pricelisto, Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.2.
CVE-2024-56219 2 Marketingfire, Wordpress 2 Widget-options, Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through 4.0.6.1.
CVE-2025-22779 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through 1.0.
CVE-2024-32804 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.
CVE-2024-50423 2 Templately, Wordpress 2 Templately, Wordpress 2025-07-13 5.4 Medium
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.
CVE-2023-32599 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22.
CVE-2023-25993 2 Webberzone, Wordpress 2 Top 10, Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVE-2024-11840 1 Wordpress 1 Wordpress 2025-07-13 7.1 High
The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks.
CVE-2024-11851 2 Nitropack, Wordpress 2 Nitropack, Wordpress 2025-07-13 4.3 Medium
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values.
CVE-2025-3058 1 Wordpress 1 Wordpress 2025-07-13 8.8 High
The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2023-37984 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10.
CVE-2023-32798 1 Wordpress 1 Wordpress 2025-07-13 5.3 Medium
Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.0.
CVE-2025-31841 1 Wordpress 1 Wordpress 2025-07-13 6.3 Medium
Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FPW Category Thumbnails: from n/a through 1.9.5.
CVE-2023-46608 2 Wordpress, Wpdo 2 Wordpress, Dologin Security 2025-07-13 5.3 Medium
Missing Authorization vulnerability in WPDO DoLogin Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through 3.7.1.
CVE-2025-47457 1 Wordpress 1 Wordpress 2025-07-13 5.3 Medium
Missing Authorization vulnerability in dgamoni LocateAndFilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through 1.6.16.
CVE-2024-54269 1 Wordpress 1 Wordpress 2025-07-13 4.3 Medium
Missing Authorization vulnerability in Ninja Team Notibar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notibar: from n/a through 2.1.4.
CVE-2023-35875 2 Jegstudio, Wordpress 2 Gutenverse, Wordpress 2025-07-13 5.3 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.