Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10525 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-44116 2026-04-15 4.3 Medium
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.
CVE-2024-37456 1 Noptin 1 Noptin 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2.
CVE-2023-48274 2026-04-15 6.5 Medium
Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiShipping: from n/a through 2.3.5.
CVE-2023-40672 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.
CVE-2024-37516 2026-04-15 6.3 Medium
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2.
CVE-2024-9223 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view comments on any post, including private and password protected posts, and pending and draft posts if they were previously published. The vulnerability was partially patched in version 1.3.5.
CVE-2023-41130 2026-04-15 8.1 High
Missing Authorization vulnerability in Premmerce Premmerce User Roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through 1.0.12.
CVE-2024-3071 1 Wordpress 2 Acf-on-the-go, Wordpress 2026-04-15 4.3 Medium
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post titles, descriptions, and ACF values.
CVE-2025-23991 2026-04-15 N/A
Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through <= 2.4.5.
CVE-2025-54025 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through <= 6.4.0.
CVE-2025-66145 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in merkulove Worker for WPBakery worker-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through <= 1.1.1.
CVE-2023-32126 2026-04-15 4.3 Medium
Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1.
CVE-2025-62130 2 Wordpress, Wpdiscover 2 Wordpress, Accordion Slider Gallery 2026-04-15 N/A
Missing Authorization vulnerability in wpdiscover Accordion Slider Gallery accordion-slider-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a through <= 2.7.
CVE-2025-60086 2 Matt, Wordpress 2 Wp Voting Contest, Wordpress 2026-04-15 7.5 High
Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.
CVE-2023-6400 2026-04-15 7.4 High
Incorrect Authorization vulnerability in OpenTextâ„¢ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.
CVE-2025-62888 2 Marcomilesi, Wordpress 2 Wp Attachments, Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= 5.2.
CVE-2025-62106 2 Mario Peshev, Wordpress 2 Wp-crm-system, Wordpress 2026-04-15 8.8 High
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.
CVE-2025-62952 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-04-15 8.8 High
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.7.3.
CVE-2023-40678 2026-04-15 5.4 Medium
Missing Authorization vulnerability in Lasso Simple URLs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through 117.
CVE-2025-53284 1 Wordpress 1 Wordpress 2026-04-15 N/A
Missing Authorization vulnerability in pankaj.sakaria CMS Blocks cms-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMS Blocks: from n/a through <= 1.1.