Total
5660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30929 | 2025-07-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in amazewp fluXtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through 1.6.0. | |||||
| CVE-2025-29012 | 2025-07-08 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Add-on allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 7 Mailchimp Add-on: from n/a through 2.2. | |||||
| CVE-2025-50039 | 2025-07-08 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in vgwort VG WORT METIS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VG WORT METIS: from n/a through 2.0.0. | |||||
| CVE-2025-49431 | 2025-07-08 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Gnuget MF Plus WPML allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MF Plus WPML: from n/a through 1.1. | |||||
| CVE-2025-50032 | 2025-07-08 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Paytiko - Payment Orchestration Platform Paytiko for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paytiko for WooCommerce: from n/a through 1.3.14. | |||||
| CVE-2025-6814 | 2025-07-08 | N/A | 7.5 HIGH | ||
| The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request. | |||||
| CVE-2025-29007 | 2025-07-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in LMSACE LMSACE Connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LMSACE Connect: from n/a through 3.4. | |||||
| CVE-2025-52813 | 2025-07-08 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5. | |||||
| CVE-2025-29001 | 2025-07-08 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7. | |||||
| CVE-2025-47634 | 2025-07-08 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through 1.8.9. | |||||
| CVE-2025-42953 | 2025-07-08 | N/A | 8.1 HIGH | ||
| SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system. | |||||
| CVE-2025-42960 | 2025-07-08 | N/A | 4.3 MEDIUM | ||
| SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application. | |||||
| CVE-2025-42952 | 2025-07-08 | N/A | 7.7 HIGH | ||
| SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. This could cause a high impact on availability. Data confidentiality and integrity are not affected. No data can be read, changed or deleted. | |||||
| CVE-2025-42961 | 2025-07-08 | N/A | 4.9 MEDIUM | ||
| Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected. | |||||
| CVE-2025-5957 | 2025-07-08 | N/A | 5.3 MEDIUM | ||
| The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets. | |||||
| CVE-2025-42974 | 2025-07-08 | N/A | 4.3 MEDIUM | ||
| Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is no impact on integrity or availability. | |||||
| CVE-2024-12610 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | N/A | 5.3 MEDIUM |
| The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts. | |||||
| CVE-2024-12611 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | N/A | 5.3 MEDIUM |
| The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-46450 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
| Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2025-5813 | 1 Suhailahmad64 | 1 Amazon Products To Woocommerce | 2025-07-07 | N/A | 5.3 MEDIUM |
| The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces. | |||||