Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62973

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-27 Oct, 2025 | 01:34
Updated At-28 Apr, 2026 | 18:59
Rejected At-
Credits

WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:27 Oct, 2025 | 01:34
Updated At:28 Apr, 2026 | 18:59
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.

Affected Products
Vendor
Themekraft
Product
BuddyForms
Collection URL
https://wordpress.org/plugins
Package Name
buddyforms
Default Status
unaffected
Versions
Affected
  • From 0 through 2.9.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-1Accessing Functionality Not Properly Constrained by ACLs
CAPEC ID: CAPEC-1
Description: Accessing Functionality Not Properly Constrained by ACLs
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nabil Irawan | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/buddyforms/vulnerability/wordpress-buddyforms-plugin-2-9-0-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/buddyforms/vulnerability/wordpress-buddyforms-plugin-2-9-0-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:27 Oct, 2025 | 02:15
Updated At:20 Jan, 2026 | 15:18

Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyForms: from n/a through <= 2.9.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
themekraft
themekraft
>>buddyforms>>Versions up to 2.9.0(inclusive)
cpe:2.3:a:themekraft:buddyforms:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/buddyforms/vulnerability/wordpress-buddyforms-plugin-2-9-0-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/buddyforms/vulnerability/wordpress-buddyforms-plugin-2-9-0-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

489Records found
CVE-2025-1780
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.60%
||
7 Day CHG~0.00%
Published-01 Mar, 2025 | 03:22
Updated-08 Apr, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting.

Action-Not Available
Vendor-themekraftthemekraft
Product-buddypress_woocommerce_my_account_integrationBuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
CWE ID-CWE-862
Missing Authorization
CVE-2024-35726
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 59.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:46
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19.

Action-Not Available
Vendor-themekraftThemeKraft
Product-buddypress_woocommerce_my_account_integration._create_woocommerce_member_pagesWooBuddy
CWE ID-CWE-862
Missing Authorization
CVE-2022-4974
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 42.70%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Action-Not Available
Vendor-mantrabrainscrollsequenceclosetechnologyproteusthemessnazzythemespeterschulznljavmahbuttonizersslzenwpkubekaggdesigncyberhoboakdevsjaydeep-nimavataharonyanmhmrajibproperfractionjohnc1979oloyede-jamiuivanchernyakovmatthias-reuterkaizencodersshabtidanish-alitheafricanboss/vinod-dalviwordplusultimateblocksninjalibsmattpramschuferbrightvesseldevwalkerwpmohsinofflinexjohnykdavidandersonalekvsamdaniannastaacodeieswpsaadatakanozdaniyalahmedkkartikparmarthinleekwpscriptsjamesparkninjanitin247takanakuiethereumicoiothijziecleverpluginsoceanwpinteractivegeomapsultradevswpbitsgaloovergloriousthemespaulio21commercepunditpootlepresskoen12344bfintalchetmacwpmoosenicheaddonshalmatprasadkirpekarwpdevpowersalexmosstickeraalphabposervicefsruslanshawoninfomcurlywhiteshadowvohotv/wptravelenginewiserstepssindyakinsergeihiddenpearlsmaciejbak85wpsoulstaxwpkhothemesmoomooagencyrebelcodelynn999damian-goralostboy7glowlogixrankbearkylegilmanmaartenbelmansivan_paulinsonalsinha21unitecmstranzlywpenginewebheadllcpluginswaremajickjkohlbachrisethemepagebuildersandwichpassionatebrainswpgeniuzwpconedevlimbcodeshelob9wpjolicmbibby/jburleigh1protectyouruploadsfrostbournalleythemesanasbinmukimprinceahmedavidthemes/npluginstprintyedisonavesamuelsilvaptwoopopstherealwebdisruptkenanfallonpasyuksyntacticsekanathdashlabsltdweconnectcodewpeventpartners/gowebsmartymodulemastersggriesserjurskipippozanardogfiremaguilerasoftwoodyhaydaydanielealessandrawebmuehlemte90gkher/tobias_conraduriahs-victorbeeneebalex-yesmartwpressdejanmarkovicolezhyk5elbisnerow3scloudjwindswitcorp5starpluginsshamim51kartikparmar/bestpluginswordpresselliotvsjanwylronena100plugins360ankitmarucliffpaulickwordpresschefldninjas/anfrageformularfoopluginstobias_conrad/sebet/blockypagemuhammad-rehmandreamfoxsorsawowpmunichlinekalspartacchillichallibadhonrocksblockmeisterclosemarketing/josevegamojofywpmberdingxplodedthemesupfivthemekraftthemelocationtoddhalfpennysvovafwpdivemilukove/wupoandyabelowcodexonicsbandidodeothemesslidedeckoceascloudspongedarellwgaugesalttechnointerfacelabmumarym1985patrickgarmanwpmagicsmohammedrezqggeddemilmorcoderpresssmgteamdivisumorenaudbodstarfishwpwphrmanagersakurapixelwpcohortstevehentyjcodexwebba-agencynasirahmed9brada6mikebelsdvizheniapowerfulwpactuaryzaskdangub86imtiazrayhanmaxsdesigndipcodeirkanulivemeshjwebsollistplusahmed17inputwpeedeeskymindscebbiflexithemeswpvibesdaigo75kairaskshaikatgiladtakonisovstackpremmercesurbmamaltathemespootlepress/equalizedigitalinfosatechthemeythemeslukeseagerdiviframeworkwp-makingkartechifyzeethemesebetrafacarvalhidomelapressthemeseixyulexstreamweaselsroyalnavneetstevejburgemajick/blackandwhitedigitalmnelson4iksstudiopmbaldhapatrickposnerpluginandplayanssilaitilaversacompmaurolopes/wpchillbavokoservicestripettowpdeliciousfrenifydgwyerggwiczwpt00lsjetixwpkrsppmbaldha/essekiadrosendoco2okcypressnorthinfornwebedgegallerypluginpopeatingmilukovedotsmunirkamalusmanaliqureshibouncingsproutkkikuchi1220seezeewpeka-clublitonice13vernalwptbgreenjaymediakitthemeswplegalpagesejslondon/sj_omvvapps/tonyzeolirafalosinskimeepluginsgallerycreatormasterblockswpdevervincoitmarviorochaboriscolombier/multicollabpenguininitiativesbrandonfiresslatlasintoxstudiofastaf/mbrown24thecodechimebilaltasboltonstudiosibenicmdedevtheafricanbosscadudecastroalveswpcohort/stylingwebbenjanthielemannmarcqueraltcreativethemeshqmikewire_rocksolidbpluginszerozendesignh3technologiesfullworksivacygetsparrowcloudlivingdotrexbenmoreassynthqthemedanielisercromer12richard-bthemestymihail-barinovfoxmoonmatstarsdovyplkoudaltauhidproinvisnetsaadiqbalvanyukovtribalnerdsangarandjenhmeowcrewdudocodesavorysetkahumblethemesblockspareelementinvaderattestbycriksjavedpagupclickervoltseancarricodam6plprelctropicalistaBdThemesRoyal Elementor AddonsThe Events Calendar (StellarWP)WPWeb EliteThemeisle
Product-annasta Filters for WooCommerceBattle Suit for DiviBetter Robots.txt – AI-Ready Crawl Control & Bot GovernanceStyler Mate for Contact Form 7eaSYNC Booking – Hotels, Restaurants & Car RentalsWidget Detector for ElementorTickera – Sell Tickets & Manage EventsBlock Slider – Responsive Image Slider, Video Slider & Post SliderGloriousThemes Starter SitesGateway for PayLate on WooCommerceUltimate Post Kit Addons for ElementorDivi Content RestrictorLivemesh Addons for Beaver BuilderWidgets on Pages and PostsEvent Tickets and RegistrationWP Page TemplatesAutoSave NetAWCA – The Great Analytics Insights for Your eStoreWebinarIgnition – Live, Automated & Evergreen Webinars for WooCommerceInsert or Embed Articulate Content into WordPressForm Vibes – Database Manager for FormsQuick Contact FormLocal Delivery Drivers for WooCommerceAddon Elements for Elementor (formerly Elementor Addon Elements)Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and moreMenu Item SchedulerExpire tagsAdd Pinterest conversion tags for Pinterest Ads + Site verificationGA4WP – Analytics Dashboard for the WebsiteHM Multiple RolesWP Search FilterPlace Order Without Payment for WooCommerceBookPress – For Book AuthorsMusic Player for Elementor – Audio Player & Podcast PlayerPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)Bulk Attachment DownloadWordPress Dev Powers – ACF Color Coded Field Types PluginPost Carousel DiviWP Google Street View (with 360° virtual tour) & Google maps + Local SEOAutomatic Internal Links for SEO by PagupEasy Post Views CountAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPressWordPress Gallery Plugin – Edge Photo GalleryBulk WooCommerce Category CreatorBooking Addon for WooCommerceEasy PrayerUkrposhtaPremmerce Variation Swatches for WooCommerceThe Events CalendarTK Google Fonts GDPR CompliantGuest posting / Frontend Posting / Front Editor – WP Front User SubmitDuplicate Variations for WoocommerceCF7 Constant Contact Fields MappingGeo MashupReplyable – Subscribe to Comments and Reply by EmailWP Photo EffectsMenu Image, Icons made easyAwesome SSLFiboSearch – Ajax Search for WooCommerceProduct Image Watermark for WooBetter SharingPremmerceRT Easy Builder – Advanced addons for ElementorAll-in-One Video GalleryTinyMCE AnnotateKVoucherWP fail2ban – Advanced SecurityDa ReactionsPayment Gateway for PayFabricNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarNotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerceWP Easy Pay – Payment and Donation form Builder for SquareConversion de moneda WoocommerceCustomers Table for WooCommerce: View, Search, Bulk EditorSchema Plugin For Divi, Gutenberg & ShortcodesMaster Accordion ( Former WP Awesome FAQ Plugin )Masonry Gallery & Posts For Divi (WP Tools)Blocksy CompanionRoyal Addons for Elementor – Addons and Templates Kit for ElementorBlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block EditorWP Get PersonalPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderGet Better Reviews for WooCommerceInbound BrewSimple Feature Requests Free – User Feedback BoardAnfrageformular – Multi Step Drag & Drop Formular Builder – LeadgenerierungEqualize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 complianceWordPress Coupon Plugin for Bloggers and Marketers – WP OffersEasy Code SnippetsDeMomentSomTres AddressDeMomentSomTres Media Tools AutoMarket ExporterWP GratifyHQTheme ExtraSlideDeck: Responsive WordPress Slider PluginMulti Page Auto Advance for Gravity FormsWP BugBotDeals of the Day WooCommercebbResolutionsSmart Variations Images & Swatches for WooCommercePremmerce Wishlist for WooCommerceRevolution for ElementorEasy Social Feed – Social Photos Gallery and Post Feed for WordPressPayment Gateway Per Product for WooCommerceWP Notification BellHelpie FAQ — Accordion, Docs & Knowledge BaseFrontend group restriction for LearnDashWidgets for WooCommerce Products on ElementorNugget by Ingot: Easy, automated and native A/B testing for everyoneGreenshift – animation and page builder blocksSTEWoo – Super Transactional Emails for WooCommerceThe best plugin for restrict content, support all Custom Post Types and Elementor – Password ProtectedFlat Rate Shipping Method for WooCommerceSimple Sitemap – Create a Responsive HTML SitemapClickerVolt – Affiliate Links & Click Tracking for Performance MarketersWooCommerce Next Order CouponNEXUSCAPTCHA 4WP – Antispam CAPTCHA solution for WordPressWP Relevant AdsIks Menu – WordPress Category Accordion Menu & FAQsWP Data Access – App Builder for Tables, Forms, Charts, Maps & DashboardsMarijuana Age VerifyWooCommerce upcoming ProductsEvents Calendar RegistrationChoice Payment Gateway for WooCommerceFilr – Secure document libraryWOW Styler for CF7 – Visual Styler for Contact Form 7 FormsPage Builder Sandwich – Front End WordPress Page Builder PluginBetter Addons for ElementorCuisine PalaceSVG Flags – Beautiful Scalable Flags For All Countries!VidSEO – Video transcript embedding for WordPress & LLMRating-Widget: Star Review SystemCryptocurrency Product for WooCommerceNew User ApproveUnakitGo Fetch Jobs (for WP Job Manager)Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic RemarketingAutomizy Gravity FormsRaCar Clear Cart for WooCommerceWP-HR Manager: The Human Resources Plugin for WordPressReally Simple Featured Video – Featured Video Support for Posts, Pages & WooCommerce ProductsWordPress Auto SEO Plugin – Upfiv SEO WizardCookie Banner for GDPR / CCPA – WPLP Cookie ConsentFunnelmentalsShipping Gateway Per Product for WooCommerceDeMomentSomTres Grid ArchiveLicense Manager for WooCommerceVit Website ReviewsLawPress – Law Firm Website ManagementSpeculorAquarella LiteJoli Table Of ContentsWP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareReset Course Progress For LearnDashResponsive Social Slider WidgetNitek Carousel Slider Cool TransitionsNumber ChatStreamWeasels Twitch IntegrationTreePress – Easy Family Trees & Ancestor ProfilesEvents Addon for ElementorContact List – Online Staff Directory & Address BookProtect Uploads with Login – Protect Your UploadsFrontend Admin by DynamiAppsWholesale for WooCommerceFull Page Blog DesignerAgy – Age verification for WooCommerceEthereumICOFuse Social Floating SidebarMOBILOOK — Mobile View & Mobile‑Friendly TestServer InfoCategorify – WordPress Media Library Category & File ManagerWUPO Group Attributes for WooCommerceLMS Plugin – eLearning, Online Courses by AttestMixed Media Gallery BlocksWordPress Slider Block GutensliderBlog Sidebar WidgetOcean ExtraNicheTable – Responsive Comparison Table BlockGlossaryConeBlog – Elementor Blog WidgetsXT Floating Cart for WooCommerceAEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image OptimizationUnder ConstructionElationAll in One Invite CodesLittleBot InvoicesUltra Elementor AddonsCustom Registration and Custom Login Forms with New RecaptchaMedia Library File DownloadSecure IP LoginsDomain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MoreClean Social IconsCoupon Affiliates – Affiliate Plugin for WooCommerceCountry Based Payments for WooCommerceFooter Plugin for DiviImage Carousel For DiviAge Verification Screen for WooCommerceDelivery for WooCommercePrice Bands for WooCommercePootle Pagebuilder – WordPress Page builderSEO Audit – WP Site AuditorSocial Gallery LiteContact Form 7 – Capsule CRM – IntegrationEverseCustom Login Page CustomizerRun time Image resizingBookit — Booking & Appointment CalendarFive-Star Ratings ShortcodeWordPress Everse Starter Sites – Elementor TemplatesSurveyFunnel – Survey Plugin for WordPressGutenberg Blocks – ACF Blocks SuiteWP Disable SitemapPro Broken Links MaintainerCustom WooCommerce Checkout Fields EditorAdd Tiktok Pixel for Tiktok ads (+Woocommerce)Security SafeFeedpress Generator – External RSS Frontend CustomizerModern Designs for Gravity FormsACF for WooCommerce ProductFile Manager for Google Drive – Integrate Google DriveAirpressDynamic Pricing and Discount Rules for WooCommerceBetter Messages – Integration for WC Vendors MarketplaceLightbox & Modal Popup WordPress Plugin – FooBoxDancePress (TRWA)SKT Templates – 100% Free Templates for Elementor & GutenbergAdvanced Classifieds & Directory ProListPlus – Unlimited Listing DirectoryUltimate Widgets LightPanorama – 360 Virtual Tour, Panoramic image viewer and MoreUltimeterQyrr – simply and modern QR-Code creationChange Price Title for WooCommerceCheckout with Cash App on EDDSV Tracking ManagerPodcast Box – Best Podcasting Plugin for WordPressElements for LifterLMSPassster – Password Protect Pages and ContentVillarAds.txt & App-ads.txt Manager for WordPressEasy Smooth Scroll Links – Smooth Scrolling AnchorLocalSEOMapWordPress form builder plugin for contact forms, surveys and quizzes – TripettoBlock, Suspend, Report for BuddyPressAdd Twitter Pixel for Twitter adsPremmerce Multi-currency for WoocommerceXT Quick View for WooCommercePrimary Addon for ElementorClimateClick: Climate Action for allFocus on Reviews for WooCommerceFeatured Images in RSS for Mailchimp & MoreSEO BoosterPremmerce Product Filter for WooCommerceBook BuyBack PricesWPGSI: Spreadsheet IntegrationSSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPressWP Group PromoterFast WordPressPost Snippets – Custom WordPress Code Snippets CustomizerImage Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AIActivity Log For MainWPHasiumBlocked in China | Check if your site is available in the Chinese mainlandElastaFeatured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)Display Eventbrite EventsWP Affiliate DisclosureRestaurant & Cafe Addon for ElementorTeam Collaboration & Content Workflow Plugin for WordPress Editorial Teams – MulticollabWordPress Animation Plugin – Animated EverythingWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL ScanContact Form 7 Multi-Step FormsWoocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone AnalyzerPower Ups for ElementorWP Lead StreamVideopackWordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.Auto SEO META keywords (META tags keywords) optimization + WooCommerceBulk Edit Coupons for WooCommerce – WP Sheet EditorWooCommerce PayPlugRW Divi Unite GalleryWP Tools Divi Product CarouselQuick Affiliate StorePremmerce Permalink Manager for WooCommercePremmerce WooCommerce Customers ManagerWP Sessions Time Monitoring Full AutomaticWP Dev Powers – Display Screen Dimensions to Admin PluginAbeta Link PunchOutScrollsequence – Cinematic Scroll Image Animation PluginPremmerce Redirect ManagerYT Player – Embed and Customize Video PlayersPremmerce Wholesale Pricing for WooCommerceDelete Duplicate Postskk Star Ratings – Rate Post & Collect User FeedbacksDelete Posts automaticallyDrip Feed Content Extended for LearndashMaster Blocks – Gutenberg Site BuilderStation Pro – Advanced Audio Streaming & Player for WordPressWordPress SEO ChecklistOverlay Image Divi ModuleAnt Admin Notices for TeamAmelaSuper Video player – Fully Customizable Video Player with PlaylistWP Conference ScheduleEasy Math Captcha for CF7OpenseaXT Ajax Add To Cart for WooCommerceTiered Pricing Table for WooCommerceBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Code ManagerWidget for Contact form 7StoreCustomizer – A plugin to Customize all WooCommerce PagesPopOverXYZ – Show Light Weight Beautiful Tool Tips On Any TextProduct Author for WooCommerceMaster Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsPurusCaxton – Create Pro page layouts in GutenbergSalon Booking System – Free VersionWP School CalendarQuick Event ManagerWP Meta and Date RemoverTopNewsWp – Display Tikcer News, RSS Feed Widget and Many MoreWordPress Google TranslateAFI – The Easiest Integration PluginVO Store Locator – WP Store Locator PluginWS BootstrapPast Events ExtensionEasy Appointment Booking & Scheduling System – Webba Booking CalendarMultisite Robots.txt ManagerWPOptin – AI-Powered Top Bars, PopUps & Lead GenerationBlog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, NewsShare This ImageRedirection for Contact Form 7Education Addon for ElementorShubanChat Button- Leads and Order over ChatAutomatic YouTube GalleryGenealogical Tree – Family Tree & Ancestry for WordPressWP Frontend ProfileGet feedback from visitors – WP Feedback Suite PluginInternal Link Juicer: SEO Auto Linker for WordPresswGauge – Free VersionViralikeSocialMark – Easy Watermark/Logo on Social Media Post Link Share PreviewImpexium Single Sign OnURL Shortify – Simple and Easy URL ShortenerTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, FluentBlockMeister – Block Pattern BuilderFAQ Manager For Divi, Gutenberg Block & ShortcodeHooked Editable ContentPowerFolio – Portfolio & Image Gallery for ElementorRadio Player – Live Shoutcast, Icecast and Any Audio Stream PlayerPreloader for DiviError Log MonitorLive Drag and Drop Builder for Contact Form 7Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private MessagesPremmerce User RolesWordPress Dev Powers – Element Selector jQuery Powers PluginDivi Gravity Forms (WP Tools)WordPress WooCommerce Sync for Google SheetPurosaWP MooseWP Activity LogComments Not Replied ToPledged Plugins Secure Gateway for Authorize.net and WooCommerceWP Table Builder – Drag & Drop Table BuilderAdvanced Database ReplacerEthPress – Web3 LoginTarot Card OracleGFireM Action AfterNokkeChange Prices with Time for WooCommerceSnazzyAdmin WP Admin ThemeModern Addons for Elementor Page BuilderHuCommerce | Magyar kiegészítések WooCommerce webáruházakhozSend Prebuilt EmailsAlley Business ToolkitProduct Attachment for WooCommercejav's – WooCommerce and Trello integration WooTrelloOrder and Inventory Manager for WooCommerceWalker CorePremmerce Product Search for WooCommerceSync eCommerce NEOUltimate Divi Modules Suite – Divi Sumo LiteWP Books Gallery – Build Stunning Book Showcases & Libraries in MinutesZip Code RedirectSurbma | GDPR Proof Cookie Consent & Notice BarProduct Options and Price Calculation Formulas for WooCommerce – Uni CPOProduct Customer List for WooCommerceStop Contact Form 7 Spam & WPForms Spam – Free ProtectionEasy Newsletter SignupsRest Routes – Custom Endpoints for WordPress REST APIBulk Edit Categories and Tags – Create Thousands Quickly on the EditorCP Simple NewsletterMeridiaSimple Social Page Widget & ShortcodeAidWP – Donation & Payment Forms (Stripe Powered)Multipurpose Gutenberg BlockBulk Edit Posts and Products in SpreadsheetWP Free SSLStreak CRM For Gmail For Contact Form 7 – WordPress PluginLivemesh SiteOrigin WidgetsRun Contests, Raffles, and Giveaways with ContestsWPFrontend Admin – Add and edit posts, pages, users and more all from the frontendCourt Reservation – Manage Your Court Bookings OnlineWordPress Directory Plugin For Business Listings – WP Local PlusEnhanced Ecommerce Google Analytics for WooCommerceKnowledge Base documentation & wiki plugin – BasePress DocsAtlas – Knowledge BaseWP Author BioUltimate Carousel For DiviWoocommerce Customers Order HistoryStore Toolkit – WooCommerce Extensions, Quick Enhancements & Handy ToolsBrandAny Popup – Popup Forms, Optins & AdsAdvanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus EasilySticky add to cart for WooWP EmailyEU VAT Assistant for WooCommerceLittleBot ACH for Stripe + PlaidWPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…TwentyFourth WP ScraperSocial KitButtonizer – Floating Menus, Sticky Buttons, & Popup BuilderFast Checkout for WooCommerceBanner Management, Product Slider, Product Carousel for WooCommerceBlockyPage – Gutenberg Based Page BuilderEthereum WalletPage Builder for Gutenberg – StarterBlocksGFireM Advance SearchRadio Station by netmix® – Manage and play your Show Schedule in WordPress!JDs PortfolioContent Aware Sidebars – Fastest Widget Area PluginCartPops – High Converting Add To Cart Popup For WooCommerceBuilder for WooCommerce product reviews shortcodes – ReviewShortQuick Paypal PaymentsOne Click LoginRestrict – membership, site, content and user access restrictions for WordPressDrop Shadow BoxesNicheBaseYatri ToolsBAVOKO SEO Tools – All-in-One WordPress SEOPremmerce SEO for WooCommerceRevivePress – Keep your Old Content EvergreenCartoon UrlBlock Styler For Gravity FormsStrumenti Partita IVA per WoocommerceSheetPress – Manage WordPress Meta data with Google SheetsProduct Size Charts Plugin for WooCommerceExtend Filter Products By Price WidgetEasy TikTok Feed – TikTok Video, Feed & Gallery PluginPost List Designer – Category Post, Recent Post, Post ListWP Coupons and Deals – Coupon Plugin For Affiliate MarketersGiveaways for woocommerceMass Pages/Posts CreatorUser Menus – Nav Menu VisibilityPage Builder Gutenberg Blocks – Kioken BlocksPrime Mover – Migrate WordPress Website & BackupsSSL Zen — SSL Certificate Installer & HTTPS RedirectsWPBITS Addons For Elementor Page BuilderLive TV Player – Worldwide Live TV Channels Player for WordPressDigital Goods (Checkout Field Editor) for WooCommerce CheckoutBaniSky Login RedirectWP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT ComplianceWPVisitorInfo – Show Visitor Information & Conditional Data Based On That InformationStackable – Page Builder Gutenberg BlocksAvailability Datepicker – Booking Calendar for Contact Form 7 – Input WPGenerate Images (AI) – Magic Post ThumbnailGrid & Styler For Contact Form 7 And DiviYASR – Yet Another Star Rating Plugin for WordPressPay For Post with WooCommerceWP SPID ItaliaEther and ERC20 tokens WooCommerce Payment GatewayRestrict User Access – Ultimate Membership & Content ProtectionNinja Libs Amazon SESMailChimp ManagerGallery by FooGallerySQL Reporting Services – SSRS Plugin for WordPressSimple SponsorshipsWoo Admin Product NotesWC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerceProduct Carousel For WooCommerce – WoorouSellPostcode RedirectFullscreen MenuBulk Edit and Create User Profiles – WP Sheet EditorXT Variation Swatches for WooCommerceDocument Viewer – Embed Word, Excel, PowerPoint & PDFs InstantlyPrime Slider – Addons for ElementorPremmerce Brands for WooCommerceWP Adminify – White Label WordPress, Admin Menu Editor, Login CustomizerJoli FAQ SEO – WordPress FAQ PluginWP Tools Divi Blog CarouselUltimate Gutenberg – Custom Block TemplatesDivi Torque Lite – Divi Theme, Divi Builder & Extra ThemeCodeKit – Custom Codes EditorAPPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android AppsFIT: Featured Image ToolkitConnected SermonsKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceGet Directions MapShared Files – Frontend File Upload Form & Secure File SharingWP Comment Cleaner – Delete All Comments, Disable Comments, Bulk Delete & Remove CommentsPinblocks — Gutenberg blocks with Pinterest widgetsGlorious Services & SupportBuddyPress WooCommerce My Account Integration. Create WooCommerce Member PagesWP Mobile Menu – The Mobile-Friendly Responsive MenuWordPress Reviews by ReviewPressAdd Linkedin insight tags for Linkedin adsConsultPress LiteWP Required Taxonomies – Categories and Tags MandatoryA no-code page builder for beautiful performance-based contentUltimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO BoosterHide Shipping Method For WooCommerceShipping Method Display Style for WooCommerceLightbox – EverlightBox GalleryLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridSV Proven ExpertDynific Addons for Elementor (formerly AnyWhere Elementor)Wadi SurveyRemove Add to Cart WooCommerceazw woocommerce file uploadsWp My Admin BarGuestofy – Restaurant Reservations Plugin, Room Planer, Reservation FormGFireM Fields3D Viewer – Display Interactive 3D ModelsFeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.Fraud Prevention For WooCommerce and EDDCryptocurrency Portfolio TrackerКнопка ЮMoneyTag Groups is the Advanced Way to Display Your Taxonomy TermsWP Munich Blocks – Gutenberg Blocks for WordPressStreamCast – Live Radio Streaming PlayerWP AutoMedicW3SCloud Contact Form 7 to Zoho CRMWP Event Partners – WordPress Plugin for Event and Conference ManagementFood Store – Online Food Delivery & PickupXT Points & Rewards for WooCommerceRocket Maintenance Mode & Coming Soon PageSpotlight Social Feeds – Block, Shortcode, and WidgetForceFieldForms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, WebhookPrint My Blog – Print, PDF, & eBook Converter WordPress PluginRecurWP – WordPress Recurly Payment GatewayLimb Gallery | Create Beautiful Image & Video GalleriesOut of stock display for woocommercePersistent LoginAnnouncement & Notification Banner – BulletinLearnMoreIvory Search – WordPress Search PluginImage Photo Gallery Final Tiles GridEasy Settings for LearnDashWP Radio – Worldwide Online Radio Stations Directory for WordPressBefore and After Product Images for WooCommerceScheduled Notification BarWoowGallerySTAX Header BuilderWP-Cron Status CheckerGo Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view countersBulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)Justified GalleryWPBakery Page Builder Addons by LivemeshEasy Zillow ReviewsTabs with Recommended Posts (Widget)WP SierraFront End PMWP Frontend Admin – Display WP Admin Pages in the FrontendEmail TrackerPerformance KitEmail Header FooterWP Post BlockSimple Giveaways – Grow your business, email lists and traffic with contestsCheckout with Zelle on WoocommerceThank You Page for WooCommerceMapGeo – Interactive Geo MapsPost to Google My Business (Google Business Profile)WP Link BioAdFoxly – Ad Manager, AdSense Ads & Ads.txtPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCredKRSP Frontend File UploaderUltimate Blocks – 25+ Gutenberg Blocks for Block EditorStarfish Review Generation & Marketing for WordPressB2B Request a QuoteLivemesh Addons by ElementorWP Contact Slider – Contact Form Slider WidgetTK SmugMug Slideshow ShortcodeEmails Blacklist for Everest FormsCoinbase Commerce – Crypto Gateway for WooCommerceUnlimited Elements For ElementorWooCommerce Variation Swatches for ProductsWCC SEO Keyword ResearchRankBearGift Message for WooCommerceSouth Pole: Climate action nowWidgets on PagesContact Widgets For Elementor all the contact links you need in one placeSecurity Ninja – WordPress Security & FirewallProduct Country Restrictions for WooCommerce – Country CatalogsGallery PhotoBlocksWordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and ScheduleFloating Social Share Icons and Social Share buttons – Next Previous Post Links – FLSparrow: Product Reviews and Ratings for WooCommerceLive Scores for SportsPressBroadcast LiteAffiliate Link Builder Plugin for Amazon Associates – Review EngineBulk Edit Products for WooCommerce – WP Sheet EditorDivi CollageEasy Age VerifyDisable Payment Methods based on cart conditions for WooCommerceDashy – Google Analytics advanced dashboardCheckout with Venmo on EDDWP Smart Export (Free)Better Messages – WCFM IntegrationAdvanced Custom Fields options import/exportTurbo WidgetsArendelleExtra Fees for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-13358
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.60%
||
7 Day CHG~0.00%
Published-01 Mar, 2025 | 03:22
Updated-08 Apr, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting.

Action-Not Available
Vendor-themekraftthemekraft
Product-buddypress_woocommerce_my_account_integrationBuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages
CWE ID-CWE-862
Missing Authorization
CVE-2024-1158
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.88%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:26
Updated-08 Apr, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published.

Action-Not Available
Vendor-themekraftthemekraft
Product-buddyformsPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
CWE ID-CWE-862
Missing Authorization
CVE-2024-1170
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-8.2||HIGH
EPSS-0.50% / 66.20%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 11:01
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.

Action-Not Available
Vendor-themekraftthemekraft
Product-post_formPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)
CWE ID-CWE-862
Missing Authorization
CVE-2024-1169
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.63% / 70.42%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 11:01
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.

Action-Not Available
Vendor-themekraftthemekraftsvenl7
Product-post_formPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)post_form
CWE ID-CWE-862
Missing Authorization
CVE-2026-31916
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:41
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Latest Post Shortcode plugin <= 14.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.1.

Action-Not Available
Vendor-Iulia Cazan
Product-Latest Post Shortcode
CWE ID-CWE-862
Missing Authorization
CVE-2023-6496
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 61.52%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Manage Notification E-mails <= 1.8.5 - Missing Authorization

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings.

Action-Not Available
Vendor-freeamigosvirgial
Product-manage_notification_e-mailsManage Notification E-mails
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2026-32413
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Permalink Manager Lite plugin < 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3.

Action-Not Available
Vendor-Maciej Bis
Product-Permalink Manager Lite
CWE ID-CWE-862
Missing Authorization
CVE-2026-32332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:41
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Form plugin <= 2.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Easy Form
CWE ID-CWE-862
Missing Authorization
CVE-2025-30592
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 51.05%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dewplayer - plugin <= 1.6 Broken Access Control Vulnerability

Missing Authorization vulnerability in WesternDeal Advanced Dewplayer advanced-dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Dewplayer: from n/a through <= 1.6.

Action-Not Available
Vendor-WesternDeal
Product-Advanced Dewplayer
CWE ID-CWE-862
Missing Authorization
CVE-2026-32404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Studio99 WP Monitor plugin <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.

Action-Not Available
Vendor-Studio99
Product-Studio99 WP Monitor
CWE ID-CWE-862
Missing Authorization
CVE-2023-6325
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.73% / 72.77%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 04:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.

Action-Not Available
Vendor-romethemerometheme
Product-RTMForm Builderromethemeform_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2026-32409
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.

Action-Not Available
Vendor-WPMU DEV - Your All-in-One WordPress Platform
Product-Forminator
CWE ID-CWE-862
Missing Authorization
CVE-2026-32395
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.6.

Action-Not Available
Vendor-Xpro
Product-Xpro Addons For Beaver Builder – Lite
CWE ID-CWE-862
Missing Authorization
CVE-2026-32410
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.

Action-Not Available
Vendor-WBW Plugins
Product-WBW Currency Switcher for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-32396
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Team plugin <= 5.0.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.

Action-Not Available
Vendor-RadiusTheme
Product-Team
CWE ID-CWE-862
Missing Authorization
CVE-2023-6785
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 60.27%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:26
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Download Manager <= 3.2.84 - Missing Authorization

The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).

Action-Not Available
Vendor-WordPress Download Manager ProW3 Eden, Inc.Shahjada (codename065)
Product-download_managerDownload Manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2026-32397
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Filter & Grids plugin <= 3.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.

Action-Not Available
Vendor-YMC
Product-Filter & Grids
CWE ID-CWE-862
Missing Authorization
CVE-2026-31915
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 2.14%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:41
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flatsome theme <= 3.19.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6.

Action-Not Available
Vendor-UX-themes
Product-Flatsome
CWE ID-CWE-862
Missing Authorization
CVE-2024-12184
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 60.49%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 03:21
Updated-08 Apr, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download other user submitted forms.

Action-Not Available
Vendor-cimatticimatti
Product-wordpress_contact_formsContact Forms by Cimatti
CWE ID-CWE-862
Missing Authorization
CVE-2026-3208
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.58%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 03:27
Updated-06 May, 2026 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve PIX payment QR code images for arbitrary orders. PIX QR codes contain sensitive merchant information including PIX keys (which may be CPF/CNPJ personal identifiers), transaction amounts, merchant name and city, and MercadoPago transaction references.

Action-Not Available
Vendor-mercadopago
Product-Mercado Pago payments for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-5612
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-25.62% / 96.30%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 02:02
Updated-20 Nov, 2025 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in GitLab

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLabgitlab
CWE ID-CWE-862
Missing Authorization
CVE-2026-32230
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 16.16%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 18:13
Updated-19 Mar, 2026 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page

Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3 , the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query before returning data. The ping endpoint skips this check entirely, allowing unauthenticated users to extract average ping/response time data for private monitors. This vulnerability is fixed in 2.2.0.

Action-Not Available
Vendor-uptime.kumalouislam
Product-uptime_kumauptime-kuma
CWE ID-CWE-862
Missing Authorization
CVE-2026-32565
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 09:31
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through < 4.2.2.

Action-Not Available
Vendor-Ajay
Product-Contextual Related Posts
CWE ID-CWE-862
Missing Authorization
CVE-2026-32421
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 11:42
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.

Action-Not Available
Vendor-Agile Logix
Product-Post Timeline
CWE ID-CWE-862
Missing Authorization
CVE-2023-6001
Matching Score-4
Assigner-Yugabyte, Inc.
ShareView Details
Matching Score-4
Assigner-Yugabyte, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.18%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 23:25
Updated-17 Sep, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prometheus Metrics Accessible Pre-Authentication

Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.

Action-Not Available
Vendor-yugabyteYugabyteDB
Product-yugabytedbYugabyteDB Anywhere
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2023-5331
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.45%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:40
Updated-05 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Information Leak via IDOR in file_id in Draft Posts

Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-862
Missing Authorization
CVE-2025-30591
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 57.19%
||
7 Day CHG~0.00%
Published-24 Mar, 2025 | 13:47
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Music Press Pro plugin <= 1.4.6 Broken Access Control Vulnerability

Missing Authorization vulnerability in tuyennv Music Press Pro music-press-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Music Press Pro: from n/a through <= 1.4.6.

Action-Not Available
Vendor-tuyennv
Product-Music Press Pro
CWE ID-CWE-862
Missing Authorization
CVE-2026-30885
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.19%
||
7 Day CHG-0.03%
Published-09 Mar, 2026 | 22:35
Updated-13 Mar, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playlist names, video IDs, and playlist status for any user on the platform. This vulnerability is fixed in 25.0.

Action-Not Available
Vendor-wwbnWWBN
Product-avideoAVideo
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2024-1121
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 60.27%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 21:21
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.

Action-Not Available
Vendor-hookturnphilkurthhookturn
Product-advanced_forms_for_acfAdvanced Forms for ACFadvanced_forms_for_acf
CWE ID-CWE-862
Missing Authorization
CVE-2026-22680
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 17:08
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenViking < 0.3.3 Missing Authorization via Task Polling

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/{task_id} routes without authentication to expose task type, task status, resource identifiers, archive URIs, result payloads, and error information, potentially causing cross-tenant interference in multi-tenant deployments.

Action-Not Available
Vendor-volcengineVolcengine
Product-openvikingOpenViking
CWE ID-CWE-862
Missing Authorization
CVE-2026-27796
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 7.33%
||
7 Day CHG~0.00%
Published-07 Mar, 2026 | 05:54
Updated-10 Mar, 2026 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service URLs, integration names, and service types. This issue has been patched in version 1.54.0.

Action-Not Available
Vendor-homarrhomarr-labs
Product-homarrhomarr
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-862
Missing Authorization
CVE-2026-23543
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:26
Updated-28 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Addons for Elementor plugin <= 6.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5.

Action-Not Available
Vendor-WPDeveloper
Product-Essential Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2026-25370
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Compress plugin <= 6.60.28 - Broken Access Control vulnerability

Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28.

Action-Not Available
Vendor-AresIT
Product-WP Compress
CWE ID-CWE-862
Missing Authorization
CVE-2026-24982
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.17.

Action-Not Available
Vendor-Brainstorm Force
Product-Spectra
CWE ID-CWE-862
Missing Authorization
CVE-2023-51537
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.44%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 09:02
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5.

Action-Not Available
Vendor-awesomesupportAwesome Support Teamawesomesupport
Product-awesome_support_wordpress_helpdesk_\&_supportAwesome Supportawesome_support_wordpress_helpdesk_\&_support
CWE ID-CWE-862
Missing Authorization
CVE-2026-25436
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.13%
||
7 Day CHG+0.01%
Published-07 May, 2026 | 07:34
Updated-07 May, 2026 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

Action-Not Available
Vendor-Royal Elementor Addons
Product-Royal Elementor Addons
CWE ID-CWE-862
Missing Authorization
CVE-2026-25333
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:26
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shopwell theme <= 1.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11.

Action-Not Available
Vendor-peregrinethemes
Product-Shopwell
CWE ID-CWE-862
Missing Authorization
CVE-2026-25404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Manager plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0.

Action-Not Available
Vendor-Automattic Inc.
Product-WP Job Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-51682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.67%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:31
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ibericode MC4WP.This issue affects MC4WP: from n/a through 4.9.9.

Action-Not Available
Vendor-ibericodeibericode
Product-mailchimpMC4WP
CWE ID-CWE-862
Missing Authorization
CVE-2026-24368
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

Action-Not Available
Vendor-Theme-one
Product-The Grid
CWE ID-CWE-862
Missing Authorization
CVE-2023-35777
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 51.01%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2.

Action-Not Available
Vendor-The Events CalendarThe Events Calendar (StellarWP)
Product-The Events Calendar
CWE ID-CWE-862
Missing Authorization
CVE-2026-24366
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.92%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.

Action-Not Available
Vendor-Your Inspiration Solutions S.L.U. (YITH) (YITHEMES)
Product-YITH WooCommerce Request A Quote
CWE ID-CWE-862
Missing Authorization
CVE-2023-47847
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.42% / 62.32%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayTR Taksit Tablosu plugin <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayTR Taksit Tablosu: from n/a through 1.3.1.

Action-Not Available
Vendor-PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş.
Product-PayTR Taksit Tablosu
CWE ID-CWE-862
Missing Authorization
CVE-2023-48247
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 45.21%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 10:40
Updated-17 Jun, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.

Action-Not Available
Vendor-Bosch Rexroth AGRobert Bosch GmbH
Product-nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)nexo-osnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)nexo_special_cordless_nutrunner_\(0608pe2272\)nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)nexo_special_cordless_nutrunner_\(0608pe2673\)nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)nexo_special_cordless_nutrunner_\(0608pe2514\)nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)nexo_special_cordless_nutrunner_\(0608pe2301\)nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)nexo_special_cordless_nutrunner_\(0608pe2666\)nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)nexo_special_cordless_nutrunner_\(0608pe2515\)nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Nexo cordless nutrunner NXA011S-36V (0608842011)Nexo cordless nutrunner NXV012T-36V (0608842015)Nexo cordless nutrunner NXA011S-36V-B (0608842012)Nexo special cordless nutrunner (0608PE2301)Nexo cordless nutrunner NXA030S-36V-B (0608842007)Nexo special cordless nutrunner (0608PE2514)Nexo cordless nutrunner NXA015S-36V-B (0608842006)Nexo special cordless nutrunner (0608PE2272)Nexo cordless nutrunner NXA065S-36V (0608842013)Nexo cordless nutrunner NXA050S-36V (0608842003)Nexo cordless nutrunner NXA050S-36V-B (0608842008)Nexo special cordless nutrunner (0608PE2666)Nexo special cordless nutrunner (0608PE2673)Nexo cordless nutrunner NXA065S-36V-B (0608842014)Nexo special cordless nutrunner (0608PE2515)Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Nexo cordless nutrunner NXP012QD-36V (0608842005)Nexo cordless nutrunner NXV012T-36V-B (0608842016)Nexo cordless nutrunner NXA015S-36V (0608842001)Nexo cordless nutrunner NXA030S-36V (0608842002)
CWE ID-CWE-862
Missing Authorization
CVE-2023-4645
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 01:53
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.

Action-Not Available
Vendor-igorfunaspacetime
Product-ad_inserterAd Inserter – Ad Manager & AdSense Ads
CWE ID-CWE-862
Missing Authorization
CVE-2023-46606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.67%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AtomChat plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.4.

Action-Not Available
Vendor-Team AtomChat
Product-AtomChat
CWE ID-CWE-862
Missing Authorization
CVE-2023-4637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.86% / 75.20%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 21:21
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPvivid <= 0.9.94 - Missing Authorization

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.

Action-Not Available
Vendor-wpvividwpvividplugins
Product-migration\,_backup\,_stagingWPvivid — Backup, Migration & Staging
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found