Total
5188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23961 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. | |||||
| CVE-2025-23957 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through 3.0.3. | |||||
| CVE-2025-23955 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6. | |||||
| CVE-2025-23954 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11. | |||||
| CVE-2025-23930 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2. | |||||
| CVE-2025-23929 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. | |||||
| CVE-2025-23917 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. | |||||
| CVE-2025-23916 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through 2.3.0. | |||||
| CVE-2025-23862 | 2025-01-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1. | |||||
| CVE-2025-23785 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4. | |||||
| CVE-2025-23778 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through 1.3.2. | |||||
| CVE-2025-23776 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. | |||||
| CVE-2025-23764 | 2025-01-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6. | |||||
| CVE-2025-23761 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. | |||||
| CVE-2025-23514 | 2025-01-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Sanjaysolutions Loginplus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Loginplus: from n/a through 1.2. | |||||
| CVE-2025-23423 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through 1.4. | |||||
| CVE-2023-33983 | 1 Briarproject | 1 Briar | 2025-01-16 | N/A | 7.4 HIGH |
| The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. | |||||
| CVE-2023-5611 | 1 S-sols | 1 Seraphinite Accelerator | 2025-01-16 | N/A | 5.3 MEDIUM |
| The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them | |||||
| CVE-2024-3711 | 1 Brizy | 1 Brizy | 2025-01-16 | N/A | 4.3 MEDIUM |
| The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access or above, to enable/disable the Brizy editor and modify the template used. | |||||
| CVE-2024-1937 | 1 Brizy | 1 Brizy | 2025-01-16 | N/A | 7.1 HIGH |
| The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to modify the content of arbitrary published posts, which includes the ability to insert malicious JavaScript. | |||||