Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-38477 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.
CVE-2024-12341 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins.
CVE-2024-56244 1 Wordpress 1 Wordpress 2025-07-12 5.4 Medium
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.92.
CVE-2024-38714 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through 1.68.232.
CVE-2023-30486 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.
CVE-2023-28494 2 Codepeople, Wordpress 2 Contact Form Email, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.
CVE-2025-0954 1 Wordpress 1 Wordpress 2025-07-12 6.5 Medium
The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's settings.
CVE-2025-22591 2 Lenderd, Wordpress 2 1003 Mortgage Application, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through 1.87.
CVE-2025-22739 2 Thimpress, Wordpress 2 Learnpress, Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5.
CVE-2025-23477 2 Realty Workstation, Wordpress 2 Realty Workstation, Wordpress 2025-07-12 8.2 High
Missing Authorization vulnerability in Realty Workstation Realty Workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through 1.0.45.
CVE-2025-24588 2 Patreon, Wordpress 2 Patreon Wordpress, Wordpress 2025-07-12 6.5 Medium
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
CVE-2025-24734 2 Codesolz, Wordpress 2 Better Find And Replace, Wordpress 2025-07-12 8.8 High
Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.
CVE-2025-24751 2 Godaddy, Wordpress 2 Coblocks, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.
CVE-2025-24972 1 Discourse 1 Discourse 2025-07-12 4.3 Medium
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats.
CVE-2025-26370 1 Q-free 1 Maxtime 2025-07-12 7.1 High
A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests.
CVE-2025-26373 1 Q-free 1 Maxtime 2025-07-12 6.5 Medium
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26374 1 Q-free 1 Maxtime 2025-07-12 6.5 Medium
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests.
CVE-2025-26377 1 Q-free 1 Maxtime 2025-07-12 8.1 High
A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests.
CVE-2025-26995 2 Anton Vanyukov, Wordpress 2 Market Exporter, Wordpress 2025-07-12 5.4 Medium
Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21.
CVE-2025-27294 2 Platcom, Wordpress 2 Wp-asambleas, Wordpress 2025-07-12 4.8 Medium
Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0.