Missing Authorization vulnerability in merkulove Worker for Elementor worker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through <= 1.0.10.
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.
Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1.
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.13.
Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.5.
Missing Authorization vulnerability in sparklewpthemes Sparkle FSE sparkle-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through <= 1.0.9.
Missing Authorization vulnerability in 腾讯云 tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects tencentcloud-cos: from n/a through 1.0.7.
Missing Authorization vulnerability in Travon WP Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1.
Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.3.
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through <= 2.9.0.
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= 5.2.
Missing Authorization vulnerability in totalsoft Portfolio Gallery gallery-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through <= 1.4.8.
Missing Authorization vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through <= 4.80.
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3.
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through <= 3.14.3.
Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.
Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through <= 5.10.5.
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CopySafe Web Protection: from n/a through <= 5.1.
Missing Authorization vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.2.
The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages.
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin privileges to configure restricted settings.
Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HT Mega: from n/a through <= 2.9.0.
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.3.4.
Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.
Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Fortnox Integration: from n/a through <= 4.5.5.
Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.11.2.1.
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.
Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through <= 3.2.0.
Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2.
Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <= 3.0.
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.0.
Missing Authorization vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Graphina: from n/a through <= 3.0.4.
Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce gs-woo-variation-swatches allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Variation Swatches for WooCommerce: from n/a through <= 3.0.4.
Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through <= 3.2.35.
Missing Authorization vulnerability in codepeople Music Player for WooCommerce music-player-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Player for WooCommerce: from n/a through <= 1.5.1.
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.
Missing Authorization vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscription Forms: from n/a through <= 1.2.3.
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3.
Missing Authorization vulnerability in iTRON WP Logger wp-data-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Logger: from n/a through <= 2.2.
Missing Authorization vulnerability in Service2Client LLC Dynamic Post dynamic-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Post: from n/a through <= 5.03.
Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0.
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8.
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods ni-woocommerce-cost-of-goods allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Cost Of Goods: from n/a through <= 3.2.8.
Missing Authorization vulnerability in Syntactics, Inc. eaSYNC easync-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eaSYNC: from n/a through <= 1.3.19.
Missing Authorization vulnerability in Shiptimize Shiptimize for WooCommerce shiptimize-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiptimize for WooCommerce: from n/a through <= 3.1.86.
Missing Authorization vulnerability in WP Messiah Safe Ai Malware Protection for WP safe-ai-malware-protection-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Safe Ai Malware Protection for WP: from n/a through <= 1.0.20.
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.30.32.