Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5814 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-54417 1 Wordpress 1 Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in Pixelgrade PixProof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through 2.0.1.
CVE-2024-49683 1 Wordpress 1 Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in Schema & Structured Data for WP & AMP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.3.5.
CVE-2023-49818 1 Wordpress 1 Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8.
CVE-2024-35671 2 Minoji, Wordpress 2 Mj Update History, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4.
CVE-2023-38479 1 Wordpress 1 Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a through 1.2.4.
CVE-2023-29422 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13.
CVE-2024-51817 1 Wordpress 1 Wordpress 2025-07-12 5.4 Medium
Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through 1.0.
CVE-2024-7648 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators.
CVE-2024-13423 1 Wordpress 1 Wordpress 2025-07-12 5.3 Medium
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to activate/deactivate arbitrary plugins.
CVE-2024-54381 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1.
CVE-2025-30864 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in falselight Exchange Rates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Exchange Rates: from n/a through 1.2.2.
CVE-2023-31214 1 Wordpress 1 Wordpress 2025-07-12 5.4 Medium
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through 2.0.
CVE-2024-43285 1 Wordpress 1 Wordpress 2025-07-12 6.3 Medium
Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.
CVE-2025-46488 1 Wordpress 1 Wordpress 2025-07-12 7.1 High
Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS. This issue affects Visual Builder: from n/a through 1.2.2.
CVE-2023-36528 1 Wordpress 1 Wordpress 2025-07-12 5.3 Medium
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3.
CVE-2024-31347 2 Data443, Wordpress 2 Tracking Code Manager, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0.
CVE-2023-41873 2 Miniorange, Wordpress 2 Saml Sp Single Sign On, Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4.
CVE-2025-31063 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.
CVE-2023-41689 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14.
CVE-2024-9891 1 Wordpress 1 Wordpress 2025-07-12 4.3 Medium
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site.