CWE-86 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10532 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62086	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.34.
CVE-2025-68042	2 Travelpayouts, Wordpress	2 Travelpayouts, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through <= 1.2.2.
CVE-2025-62736	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in opicron Image Cleanup image-cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Cleanup: from n/a through <= 1.9.2.
CVE-2025-62738	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through <= 2.0.2.
CVE-2025-62740	2 Mario Peshev, Wordpress	2 Wp-crm-system, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.6.
CVE-2025-62867	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a through <= 1.0.13.
CVE-2025-63077	3 Elementor, Happymonster, Wordpress	3 Elementor, Happy Addons For Elementor, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.3.
CVE-2025-67468	2 Crmperks, Wordpress	2 Integration For Salesforce And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms: from n/a through <= 1.4.6.
CVE-2025-62090	2 Jegstudio, Wordpress	3 Gutenverse, Gutenverse News, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons: from n/a through <= 3.0.2.
CVE-2025-48128			2026-04-15	N/A
Missing Authorization vulnerability in Sharespine Sharespine Woocommerce Connector sharespine-woocommerce-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharespine Woocommerce Connector: from n/a through <= 4.7.55.
CVE-2024-9234	1 Wpmet	1 Gutenkit	2026-04-15	9.8 Critical
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.
CVE-2024-55993			2026-04-15	N/A
Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.61.
CVE-2025-63016	2 Quadlayers, Wordpress	2 Tiktok Feed, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5.
CVE-2025-12895	3 Laborator, Woocommerce, Wordpress	3 Kalium, Woocommerce, Wordpress	2026-04-15	5.3 Medium
The Kalium 3 \| Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf.
CVE-2025-63047	2 Cridio, Wordpress	2 Listingpro, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
CVE-2025-68565	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.
CVE-2025-68568	2 Popup Builder, Wordpress	2 Popup Builder, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in Claspo Popup Builders Claspo – Popups, Spin the Wheel & Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Claspo – Popups, Spin the Wheel & Email Capture: from n/a through <= 1.0.7.
CVE-2025-68571	2 Salesmanago, Wordpress	2 Salesmanago, Wordpress	2026-04-15	8.8 High
Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago & Leadoo: from n/a through <= 3.9.0.
CVE-2025-68577	1 Wordpress	1 Wordpress	2026-04-15	8.8 High
Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.
CVE-2025-68579	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.

« first previous Page 97 of 527. next last »