Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-11564

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-25 Oct, 2025 | 05:31
Updated At-27 Oct, 2025 | 15:49
Rejected At-
Credits

Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it possible for unauthenticated attackers to bypass payment verification and mark orders as paid by submitting forged webhook requests with `payment_type` set to 'recurring'.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:25 Oct, 2025 | 05:31
Updated At:27 Oct, 2025 | 15:49
Rejected At:
▼CVE Numbering Authority (CNA)
Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it possible for unauthenticated attackers to bypass payment verification and mark orders as paid by submitting forged webhook requests with `payment_type` set to 'recurring'.

Affected Products
Vendor
Themeumthemeum
Product
Tutor LMS – eLearning and online course solution
Default Status
unaffected
Versions
Affected
  • From * through 3.8.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Rafshanzani Suhada
Timeline
EventDate
Discovered2025-09-25 00:00:00
Vendor Notified2025-10-09 14:42:41
Disclosed2025-10-24 16:53:49
Event: Discovered
Date: 2025-09-25 00:00:00
Event: Vendor Notified
Date: 2025-10-09 14:42:41
Event: Disclosed
Date: 2025-10-24 16:53:49
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/26289a93-063b-469a-9d09-c286d76fce0c?source=cve
N/A
https://plugins.trac.wordpress.org/browser/tutor/tags/3.8.3/ecommerce/PaymentGateways/Paypal/src/Payments/Paypal/Paypal.php#L323
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/26289a93-063b-469a-9d09-c286d76fce0c?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/tutor/tags/3.8.3/ecommerce/PaymentGateways/Paypal/src/Payments/Paypal/Paypal.php#L323
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:25 Oct, 2025 | 06:15
Updated At:05 Dec, 2025 | 00:26

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it possible for unauthenticated attackers to bypass payment verification and mark orders as paid by submitting forged webhook requests with `payment_type` set to 'recurring'.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Themeum
themeum
>>tutor_lms>>Versions before 3.9.0(exclusive)
cpe:2.3:a:themeum:tutor_lms:*:*:*:*:free:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/tutor/tags/3.8.3/ecommerce/PaymentGateways/Paypal/src/Payments/Paypal/Paypal.php#L323security@wordfence.com
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/26289a93-063b-469a-9d09-c286d76fce0c?source=cvesecurity@wordfence.com
Product
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/browser/tutor/tags/3.8.3/ecommerce/PaymentGateways/Paypal/src/Payments/Paypal/Paypal.php#L323
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/26289a93-063b-469a-9d09-c286d76fce0c?source=cve
Source: security@wordfence.com
Resource:
Product
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

708Records found
CVE-2024-22151
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.12%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 16:19
Updated-26 Aug, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6.

Action-Not Available
Vendor-codectionCodectioncodection
Product-import_and_export_users_and_customersImport and export users and customersimport_and_export_users_and_customers
CWE ID-CWE-862
Missing Authorization
CVE-2024-1779
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.86%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 06:48
Updated-16 Jan, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.

Action-Not Available
Vendor-zestardzestardtechnologies
Product-admin_side_data_storage_for_contact_form_7Admin side data storage for Contact Form 7
CWE ID-CWE-862
Missing Authorization
CVE-2025-57896
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 12:00
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability

Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26.

Action-Not Available
Vendor-andy_moyle
Product-Church Admin
CWE ID-CWE-862
Missing Authorization
CVE-2021-4357
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.1||CRITICAL
EPSS-0.09% / 26.00%
||
7 Day CHG+0.01%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete site posts and pages.

Action-Not Available
Vendor-stylemixthemesstylemix
Product-ulistingDirectory Listings WordPress plugin – uListing
CWE ID-CWE-862
Missing Authorization
CVE-2021-4388
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-01 Jul, 2023 | 04:26
Updated-25 Oct, 2024 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.

Action-Not Available
Vendor-wpopalwpopal
Product-opal_estateOpal Estate
CWE ID-CWE-862
Missing Authorization
CVE-2021-4359
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.96%
||
7 Day CHG+0.02%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site.

Action-Not Available
Vendor-najeebmedianmedia
Product-frontend_file_manager_pluginFrontend File Manager Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-12620
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 59.07%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 03:21
Updated-24 Feb, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update

The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin's settings.

Action-Not Available
Vendor-creativeinteractivemediacreativeinteractivemedia
Product-animategl_animationsAnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations
CWE ID-CWE-862
Missing Authorization
CVE-2021-4351
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.8||MEDIUM
EPSS-0.18% / 38.89%
||
7 Day CHG+0.04%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to change the meta data of certain posts and pages.

Action-Not Available
Vendor-najeebmedianmedia
Product-frontend_file_manager_pluginFrontend File Manager Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2021-4350
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-0.12% / 31.65%
||
7 Day CHG+0.02%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content. This effectively lets the attacker use the site as a spam relay.

Action-Not Available
Vendor-najeebmedianmedia
Product-frontend_file_manager_pluginFrontend File Manager Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2021-42851
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 57.69%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.

Action-Not Available
Vendor-Lenovo Group Limited
Product-t2prot1_firmwaret2pro_firmwaret1x1x1_firmwaret2_firmwaret2a1_firmwarea1Personal Cloud Storage X1Personal Cloud Storage T1Personal Cloud Storage A1Personal Cloud Storage T2Personal Cloud Storage T2Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-12611
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.46% / 64.01%
||
7 Day CHG~0.00%
Published-07 Mar, 2025 | 08:21
Updated-07 Jul, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting

The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-dasinfomediadasinfomedia
Product-school_management_systemSchool Management System for Wordpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-12370
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.21%
||
7 Day CHG+0.09%
Published-17 Jan, 2025 | 08:25
Updated-12 Feb, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Hotel Booking <= 2.1.5 - Missing Authorization

The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-wp_hotel_bookingWP Hotel Booking
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2024-1177
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 21:21
Updated-07 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs

Action-Not Available
Vendor-wpclubmanagerwpclubmanager
Product-wp_club_managerWP Club Manager – WordPress Sports Club Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2021-38755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 49.95%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 13:53
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.

Action-Not Available
Vendor-hospital_management_system_projectn/a
Product-hospital_management_systemn/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-2108
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 71.67%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:12
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.

Action-Not Available
Vendor-wbcomdesignswbcomdesigns
Product-buddypress_group_reviewsWbcom Designs – BuddyPress Group Reviews
CWE ID-CWE-862
Missing Authorization
CVE-2020-10116
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.56%
||
7 Day CHG~0.00%
Published-17 Mar, 2020 | 14:36
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-862
Missing Authorization
CVE-2023-52186
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:23
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.

Action-Not Available
Vendor-WooCommerce
Product-product_vendorsWooCommerce Product Vendors
CWE ID-CWE-862
Missing Authorization
CVE-2023-51357
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.54%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-09 Dec, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through 6.5.0.

Action-Not Available
Vendor-Conversiosconversios
Product-Conversios.ioconversios.io
CWE ID-CWE-862
Missing Authorization
CVE-2025-4177
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 66.50%
||
7 Day CHG+0.26%
Published-02 May, 2025 | 01:43
Updated-06 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion

The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users.

Action-Not Available
Vendor-flynaxv1rustyle
Product-flynax_bridgeFlynax Bridge
CWE ID-CWE-862
Missing Authorization
CVE-2025-39353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:30
Updated-22 Jan, 2026 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0.

Action-Not Available
Vendor-themegoodsThemeGoods
Product-grand_restaurantGrand Restaurant WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2025-39373
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:42
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JNews theme <= 11.6.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in jegtheme JNews.This issue affects JNews: from n/a through 11.6.5.

Action-Not Available
Vendor-jegtheme
Product-JNews
CWE ID-CWE-862
Missing Authorization
CVE-2025-39457
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8.

Action-Not Available
Vendor-MagePeople
Product-Booking and Rental Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-51362
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.45%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-09 Dec, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myStickyElements plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Premio All-in-one Floating Contact Form – My Sticky Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All-in-one Floating Contact Form – My Sticky Elements: from n/a through 2.1.3.

Action-Not Available
Vendor-Premiopremio
Product-All-in-one Floating Contact Form – My Sticky Elementsall_in_one_floating_contact_form_my_sticky_elements
CWE ID-CWE-862
Missing Authorization
CVE-2023-51413
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.76%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 09:13
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29.

Action-Not Available
Vendor-
Product-Piotnet Forms
CWE ID-CWE-862
Missing Authorization
CVE-2023-50375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.17%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-09 Dec, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Translate WordPress – Google Language Translator plugin <= 6.0.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Translate AI Multilingual Solutions Google Language Translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Language Translator: from n/a through 6.0.19.

Action-Not Available
Vendor-Translate AI Multilingual Solutionstranslate_ai_multilingual_solutions
Product-Google Language Translatorgoogle_language_translator
CWE ID-CWE-862
Missing Authorization
CVE-2023-50887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.10%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:29
Updated-09 Dec, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in UserFeedback Team User Feedback allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through 1.0.10.

Action-Not Available
Vendor-MonsterInsights, LLC (UserFeedback)
Product-User Feedbackuserfeedback
CWE ID-CWE-862
Missing Authorization
CVE-2023-48926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.04%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-advanced_loyalty_programn/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-31810
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Question Answer Plugin <= 1.2.70 - Broken Access Control vulnerability

Missing Authorization vulnerability in PickPlugins Question Answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through 1.2.70.

Action-Not Available
Vendor-PickPlugins
Product-Question Answer
CWE ID-CWE-862
Missing Authorization
CVE-2025-32259
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.45%
||
7 Day CHG+0.02%
Published-10 Apr, 2025 | 08:09
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP ULike plugin <= 4.7.9.1 - Content Spoofing Vulnerability

Missing Authorization vulnerability in Alimir WP ULike. This issue affects WP ULike: from n/a through 4.7.9.1.

Action-Not Available
Vendor-Alimir
Product-WP ULike
CWE ID-CWE-862
Missing Authorization
CVE-2025-32258
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-08 Apr, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Website Logo plugin <= 1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Website Logo: from n/a through 1.1.

Action-Not Available
Vendor-InfoGiants
Product-Simple Website Logo
CWE ID-CWE-862
Missing Authorization
CVE-2025-31868
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-23 Jan, 2026 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JS Job Manager plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.

Action-Not Available
Vendor-joomskyJoomSky
Product-js_job_managerJS Job Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-31618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.9.

Action-Not Available
Vendor-Jaap Jansma
Product-Connector to CiviCRM with CiviMcRestFace
CWE ID-CWE-862
Missing Authorization
CVE-2025-31765
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR Cookie Notice plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in themeqx GDPR Cookie Notice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR Cookie Notice: from n/a through 1.2.0.

Action-Not Available
Vendor-themeqx
Product-GDPR Cookie Notice
CWE ID-CWE-862
Missing Authorization
CVE-2025-31836
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Review Manager Plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in matthewrubin Review Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through 2.2.0.

Action-Not Available
Vendor-matthewrubin
Product-Review Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-39388
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:47
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AnalyticsWP: from n/a through 2.0.0.

Action-Not Available
Vendor-Solid Plugins
Product-AnalyticsWP
CWE ID-CWE-862
Missing Authorization
CVE-2025-31386
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 09:32
Updated-01 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple:Press plugin <= 6.10.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through 6.10.11.

Action-Not Available
Vendor-Simplepress
Product-Simple:Press
CWE ID-CWE-862
Missing Authorization
CVE-2025-32252
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Genealogy plugin <= 0.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in blackandwhitedigital WP Genealogy – Your Family History Website allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Genealogy – Your Family History Website: from n/a through 0.1.9.

Action-Not Available
Vendor-blackandwhitedigital
Product-WP Genealogy – Your Family History Website
CWE ID-CWE-862
Missing Authorization
CVE-2025-31777
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-02 Apr, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clockinator Lite plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in BeastThemes Clockinator Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clockinator Lite: from n/a through 1.0.7.

Action-Not Available
Vendor-BeastThemes
Product-Clockinator Lite
CWE ID-CWE-862
Missing Authorization
CVE-2025-31630
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.

Action-Not Available
Vendor-themeton
Product-The Business
CWE ID-CWE-862
Missing Authorization
CVE-2025-32225
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Event Manager plugin <= 3.1.47 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Event Manager WP Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Event Manager: from n/a through 3.1.47.

Action-Not Available
Vendor-WP Event Manager
Product-WP Event Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-48775
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:47
Updated-31 Dec, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.

Action-Not Available
Vendor-Gfazioli
Product-WP Cleanfix
CWE ID-CWE-862
Missing Authorization
CVE-2025-30790
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:54
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chatbox Manager <= 1.2.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in alexvtn Chatbox Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chatbox Manager: from n/a through 1.2.2.

Action-Not Available
Vendor-alexvtn
Product-Chatbox Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-31000
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Payment QR WooCommerce <= 1.1.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.

Action-Not Available
Vendor-Miguel Fuentes
Product-Payment QR WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-31066
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Acerola <= 1.6.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.

Action-Not Available
Vendor-themeton
Product-Acerola
CWE ID-CWE-862
Missing Authorization
CVE-2025-31042
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sandwich Adsense <= 4.0.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in rtakao Sandwich Adsense allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sandwich Adsense: from n/a through 4.0.2.

Action-Not Available
Vendor-rtakao
Product-Sandwich Adsense
CWE ID-CWE-862
Missing Authorization
CVE-2025-30839
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.2.1.

Action-Not Available
Vendor-MagePeople
Product-Taxi Booking Manager for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-30828
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.

Action-Not Available
Vendor-Arraytics
Product-Timetics
CWE ID-CWE-862
Missing Authorization
CVE-2025-30887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.49%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-27 Mar, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.2.9.

Action-Not Available
Vendor-MagePeople
Product-WpEvently
CWE ID-CWE-862
Missing Authorization
CVE-2025-31071
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.44%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.

Action-Not Available
Vendor-themeton
Product-HotStar – Multi-Purpose Business Theme
CWE ID-CWE-862
Missing Authorization
CVE-2025-30934
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.96%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 診断ジェネレータ作成プラグイン <= 1.4.16 - Broken Access Control Vulnerability

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16.

Action-Not Available
Vendor-OLIVESYSTEM
Product-診断ジェネレータ作成プラグイン
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • ...
  • 14
  • 15
  • Next
Details not found