Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30887

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-27 Mar, 2025 | 10:55
Updated At-28 Apr, 2026 | 16:11
Rejected At-
Credits

WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:27 Mar, 2025 | 10:55
Updated At:28 Apr, 2026 | 16:11
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9.

Affected Products
Vendor
MagePeoplemagepeopleteam
Product
WpEvently
Collection URL
https://wordpress.org/plugins
Package Name
mage-eventpress
Default Status
unaffected
Versions
Affected
  • From 0 through 4.2.9 (custom)
    • -> unaffectedfrom4.3.0
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: Exploiting Incorrectly Configured Access Control Security Levels
Solutions
Configurations
Workarounds
Exploits
Credits
finder
LVT-tholv2k | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-2-9-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-2-9-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:27 Mar, 2025 | 11:15
Updated At:23 Apr, 2026 | 15:27

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.2.9.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-2-9-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-4-2-9-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

921Records found
CVE-2025-39390
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.00%
||
7 Day CHG-0.06%
Published-24 Apr, 2025 | 16:08
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking and Rental Manager plugin <= 2.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through <= 2.3.6.

Action-Not Available
Vendor-MagePeople
Product-Booking and Rental Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-30839
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 64.18%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.2.1.

Action-Not Available
Vendor-MagePeople
Product-Taxi Booking Manager for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-22737
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 55.14%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through <= 1.8.5.

Action-Not Available
Vendor-MagePeople
Product-WpTravelly
CWE ID-CWE-862
Missing Authorization
CVE-2025-39457
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.24%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.2.8.

Action-Not Available
Vendor-MagePeople
Product-Booking and Rental Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-66083
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.73%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 12:29
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 5.0.4.

Action-Not Available
Vendor-MagePeople
Product-WpEvently
CWE ID-CWE-862
Missing Authorization
CVE-2024-0434
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 60.15%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 03:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF.

Action-Not Available
Vendor-MagePeople
Product-Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution
CWE ID-CWE-284
Improper Access Control
CVE-2025-47585
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.68%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 19:29
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through <= 2.3.8.

Action-Not Available
Vendor-MagePeople
Product-Booking and Rental Manager
CWE ID-CWE-862
Missing Authorization
CVE-2026-23972
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 3.55%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.6.0.

Action-Not Available
Vendor-MagePeople
Product-Booking and Rental Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-22720
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.8||MEDIUM
EPSS-0.24% / 47.74%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 08:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpRently | WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through <= 2.2.1.

Action-Not Available
Vendor-MagePeople
Product-Booking and Rental Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-54705
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.66%
||
7 Day CHG+0.14%
Published-14 Aug, 2025 | 10:34
Updated-12 May, 2026 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.4.6.

Action-Not Available
Vendor-MagePeople
Product-WpEvently
CWE ID-CWE-862
Missing Authorization
CVE-2026-39565
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 9.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a through <= 2.1.7.

Action-Not Available
Vendor-MagePeople
Product-WpTravelly
CWE ID-CWE-862
Missing Authorization
CVE-2025-8898
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 68.55%
||
7 Day CHG+0.28%
Published-16 Aug, 2025 | 06:39
Updated-08 Apr, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Taxi Booking Manager for Woocommerce | E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin not properly validating a user's capabilities prior to updating a plugin setting or their identity prior to updating their details like email address. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. CVE-2025-54713 is likely a duplicate of this issue.

Action-Not Available
Vendor-MagePeople
Product-E-cab Taxi Booking Manager for Woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-69327
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.57%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 16:36
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.0.9.

Action-Not Available
Vendor-MagePeople
Product-Car Rental Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-66082
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 12:29
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 5.0.4.

Action-Not Available
Vendor-MagePeople
Product-WpEvently
CWE ID-CWE-862
Missing Authorization
CVE-2025-49986
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n/a through <= 1.7.

Action-Not Available
Vendor-thanhtungtnt
Product-Video List Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-49864
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability

Missing Authorization vulnerability in AFS Analytics AFS Analytics addfreestats allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AFS Analytics: from n/a through <= 4.21.

Action-Not Available
Vendor-AFS Analytics
Product-AFS Analytics
CWE ID-CWE-862
Missing Authorization
CVE-2025-49903
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.01%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through <= 2.3.11.

Action-Not Available
Vendor-BdThemes
Product-ZoloBlocks
CWE ID-CWE-862
Missing Authorization
CVE-2025-49872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects myCred: from n/a through <= 2.9.4.2.

Action-Not Available
Vendor-Saad Iqbal
Product-myCred
CWE ID-CWE-862
Missing Authorization
CVE-2026-32409
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.34%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.

Action-Not Available
Vendor-WPMU DEV - Your All-in-One WordPress Platform
Product-Forminator
CWE ID-CWE-862
Missing Authorization
CVE-2023-32798
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.84%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Page Ordering plugin <= 2.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.0.

Action-Not Available
Vendor-10up
Product-Simple Page Ordering
CWE ID-CWE-862
Missing Authorization
CVE-2025-49324
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control Vulnerability

Missing Authorization vulnerability in PickPlugins Job Board Manager job-board-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through <= 2.1.60.

Action-Not Available
Vendor-PickPlugins
Product-Job Board Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-49320
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FraudLabs Pro for WooCommerce: from n/a through <= 2.22.11.

Action-Not Available
Vendor-fraudlabspro
Product-FraudLabs Pro for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-32461
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.06%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7.

Action-Not Available
Vendor-Really Simple Plugins
Product-Really Simple SSL
CWE ID-CWE-862
Missing Authorization
CVE-2026-32345
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 14.09%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:41
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Perfect Portfolio theme <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Perfect Portfolio: from n/a through <= 1.2.4.

Action-Not Available
Vendor-raratheme
Product-Perfect Portfolio
CWE ID-CWE-862
Missing Authorization
CVE-2025-49349
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.75%
||
7 Day CHG+0.01%
Published-31 Dec, 2025 | 14:48
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reuters Direct plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0.

Action-Not Available
Vendor-Reuters News Agency
Product-Reuters Direct
CWE ID-CWE-862
Missing Authorization
CVE-2025-49338
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.75%
||
7 Day CHG+0.01%
Published-31 Dec, 2025 | 15:35
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flowbox plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.

Action-Not Available
Vendor-Flowbox
Product-Flowbox
CWE ID-CWE-862
Missing Authorization
CVE-2025-49236
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Raychat plugin <= 2.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in raychat Raychat raychat allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Raychat: from n/a through <= 2.1.0.

Action-Not Available
Vendor-raychat
Product-Raychat
CWE ID-CWE-862
Missing Authorization
CVE-2025-49432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG+0.17%
Published-15 Aug, 2025 | 15:13
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through <= 10.1.

Action-Not Available
Vendor-FWDesign
Product-Ultimate Video Player
CWE ID-CWE-862
Missing Authorization
CVE-2026-31915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 2.48%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:41
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flatsome theme <= 3.19.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6.

Action-Not Available
Vendor-UX-themes
Product-Flatsome
CWE ID-CWE-862
Missing Authorization
CVE-2025-49509
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 12:40
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1.

Action-Not Available
Vendor-Roland Beaussant
Product-Audio Editor & Recorder
CWE ID-CWE-862
Missing Authorization
CVE-2025-49376
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.08%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DELUCKS SEO plugin <= 2.5.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.

Action-Not Available
Vendor-DELUCKS
Product-DELUCKS SEO
CWE ID-CWE-862
Missing Authorization
CVE-2025-49441
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive Regional Map of Florida plugin <= 1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida interactive-map-of-florida allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Interactive Regional Map of Florida: from n/a through <= 1.0.

Action-Not Available
Vendor-WP Map Plugins
Product-Interactive Regional Map of Florida
CWE ID-CWE-862
Missing Authorization
CVE-2025-48346
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:55
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Embed and Integrate Etsy Shop plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Embed360 Embed and Integrate Etsy Shop embed-and-integrate-etsy-shop allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Embed and Integrate Etsy Shop: from n/a through <= 1.0.8.

Action-Not Available
Vendor-Embed360
Product-Embed and Integrate Etsy Shop
CWE ID-CWE-862
Missing Authorization
CVE-2025-47450
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple File List plugin <= 6.1.13 - Settings Change Vulnerability

Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.13.

Action-Not Available
Vendor-Mitchell Bennis
Product-Simple File List
CWE ID-CWE-862
Missing Authorization
CVE-2025-48272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.92%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal plugin <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.3.2.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal
CWE ID-CWE-862
Missing Authorization
CVE-2025-47688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.60%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File Manager: from n/a through <= 5.3.1.

Action-Not Available
Vendor-advancedfilemanagerSaad Iqbal
Product-advanced_file_managerAdvanced File Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-48166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability

Missing Authorization vulnerability in sminozzi Stop and Block bots plugin Anti bots antibots allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Stop and Block bots plugin Anti bots: from n/a through <= 1.48.

Action-Not Available
Vendor-sminozzi
Product-Stop and Block bots plugin Anti bots
CWE ID-CWE-862
Missing Authorization
CVE-2025-47486
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gutenberg & Elementor Templates Importer For Responsive plugin <= 3.1.9 - Broken Access Control Vulnerability

Missing Authorization vulnerability in CyberChimps Responsive Plus responsive-add-ons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Plus: from n/a through <= 3.1.9.

Action-Not Available
Vendor-CyberChimps Inc.
Product-Responsive Plus
CWE ID-CWE-862
Missing Authorization
CVE-2025-48155
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability

Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Residential Address Detection: from n/a through <= 2.5.9.

Action-Not Available
Vendor-Eniture, LLC
Product-Residential Address Detection
CWE ID-CWE-862
Missing Authorization
CVE-2023-50375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.51%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Translate WordPress – Google Language Translator plugin <= 6.0.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in edo888 Google Language Translator google-language-translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Language Translator: from n/a through <= 6.0.19.

Action-Not Available
Vendor-edo888translate_ai_multilingual_solutions
Product-Google Language Translatorgoogle_language_translator
CWE ID-CWE-862
Missing Authorization
CVE-2026-27393
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.41%
||
7 Day CHG~0.00%
Published-21 May, 2026 | 08:24
Updated-21 May, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6.

Action-Not Available
Vendor-Tobias
Product-CF7 WOW Styler
CWE ID-CWE-862
Missing Authorization
CVE-2025-46244
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.62%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Linked Variations for Woocommerce plugin <= 1.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce linked-variation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Linked Variations for Woocommerce: from n/a through <= 1.0.3.

Action-Not Available
Vendor-multidotsDotstore
Product-advanced_linked_variations_for_woocommerceAdvanced Linked Variations for Woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-46485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.60%
||
7 Day CHG~0.00%
Published-24 Apr, 2025 | 16:09
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Customize Login Page plugin <= 1.6.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Customize Login Page: from n/a through <= 1.6.5.

Action-Not Available
Vendor-Carlo La Pera
Product-WP Customize Login Page
CWE ID-CWE-862
Missing Authorization
CVE-2026-27344
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 05:53
Updated-28 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress inseri core plugin <= 1.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through <= 1.0.5.

Action-Not Available
Vendor-inseriswiss
Product-inseri core
CWE ID-CWE-862
Missing Authorization
CVE-2025-4370
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 62.80%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 04:23
Updated-08 Apr, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload

The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.

Action-Not Available
Vendor-brizythemefusecom
Product-brizyBrizy – Page Builder
CWE ID-CWE-862
Missing Authorization
CVE-2021-4388
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.40%
||
7 Day CHG~0.00%
Published-01 Jul, 2023 | 04:26
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Opal Estate <= 1.6.11 - Missing Authorization

The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.

Action-Not Available
Vendor-wpopalwpopal
Product-opal_estateOpal Estate
CWE ID-CWE-862
Missing Authorization
CVE-2024-5857
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.95%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 03:30
Updated-08 Apr, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to delete arbitrary media files.

Action-Not Available
Vendor-funnelformsfunnelformsfunnelforms
Product-funnelforms_freeInteractive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Freefunnelforms_free
CWE ID-CWE-862
Missing Authorization
CVE-2025-4177
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 67.78%
||
7 Day CHG+0.07%
Published-02 May, 2025 | 01:43
Updated-08 Apr, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion

The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users.

Action-Not Available
Vendor-flynaxv1rustyle
Product-flynax_bridgeFlynax Bridge
CWE ID-CWE-862
Missing Authorization
CVE-2023-49193
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.06%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grow Social plugin <= 1.30.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in NerdPress Hubbub Lite social-pug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hubbub Lite: from n/a through <= 1.30.0.

Action-Not Available
Vendor-NerdPressnerdpress
Product-Hubbub Litesocial_pug_wordpress
CWE ID-CWE-862
Missing Authorization
CVE-2021-4357
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.1||CRITICAL
EPSS-0.79% / 74.38%
||
7 Day CHG+0.68%
Published-07 Jun, 2023 | 01:51
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete site posts and pages.

Action-Not Available
Vendor-stylemixthemesstylemix
Product-ulistingDirectory Listings WordPress plugin – uListing
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found