Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-66159

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-31 Dec, 2025 | 16:51
Updated At-28 Apr, 2026 | 16:14
Rejected At-
Credits

WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through <= 1.1.6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:31 Dec, 2025 | 16:51
Updated At:28 Apr, 2026 | 16:14
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through <= 1.1.6.

Affected Products
Vendor
merkulove
Product
Walker for Elementor
Collection URL
https://elements.envato.com
Package Name
walker-elementor
Default Status
unaffected
Versions
Affected
  • From 0 through 1.1.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: Exploiting Incorrectly Configured Access Control Security Levels
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Phat RiO | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/walker-elementor/vulnerability/wordpress-walker-for-elementor-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/walker-elementor/vulnerability/wordpress-walker-for-elementor-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:31 Dec, 2025 | 17:15
Updated At:23 Apr, 2026 | 15:35

Missing Authorization vulnerability in merkulove Walker for Elementor walker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through <= 1.1.6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/walker-elementor/vulnerability/wordpress-walker-for-elementor-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/walker-elementor/vulnerability/wordpress-walker-for-elementor-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

431Records found
CVE-2025-66143
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Crumber plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.

Action-Not Available
Vendor-merkulove
Product-Crumber
CWE ID-CWE-862
Missing Authorization
CVE-2025-66153
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:31
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Headinger for Elementor headinger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through <= 1.1.4.

Action-Not Available
Vendor-merkulove
Product-Headinger for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66152
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:32
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Criptopayer for Elementor criptopayer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through <= 1.0.1.

Action-Not Available
Vendor-merkulove
Product-Criptopayer for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66151
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:32
Updated-12 May, 2026 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Countdowner for Elementor countdowner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through <= 1.0.4.

Action-Not Available
Vendor-merkulove
Product-Countdowner for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66155
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.88%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 17:00
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Questionar for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Questionar for Elementor questionar-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through <= 1.1.7.

Action-Not Available
Vendor-merkulove
Product-Questionar for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66150
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:35
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through <= 1.1.1.

Action-Not Available
Vendor-merkulove
Product-Appender
CWE ID-CWE-862
Missing Authorization
CVE-2025-66158
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.88%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gmaper for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Gmaper for Elementor gmaper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through <= 1.0.9.

Action-Not Available
Vendor-merkulove
Product-Gmaper for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66154
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.88%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 17:01
Updated-12 May, 2026 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Couponer for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Couponer for Elementor couponer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through <= 1.1.7.

Action-Not Available
Vendor-merkulove
Product-Couponer for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66156
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.88%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 16:59
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Watcher for Elementor watcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through <= 1.0.9.

Action-Not Available
Vendor-merkulove
Product-Watcher for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66149
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 18:38
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through <= 3.1.3.

Action-Not Available
Vendor-merkulove
Product-UnGrabber
CWE ID-CWE-862
Missing Authorization
CVE-2025-66148
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 19:49
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Conformer for Elementor conformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through <= 1.0.7.

Action-Not Available
Vendor-merkulove
Product-Conformer for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66144
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 19:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Worker for Elementor worker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through <= 1.0.10.

Action-Not Available
Vendor-merkulove
Product-Worker for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66146
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 19:50
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Logger for Elementor logger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through <= 1.0.9.

Action-Not Available
Vendor-merkulove
Product-Logger for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66157
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 5.88%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 16:58
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sliper for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Sliper for Elementor sliper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sliper for Elementor: from n/a through <= 1.0.10.

Action-Not Available
Vendor-merkulove
Product-Sliper for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66145
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.99%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 19:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Worker for WPBakery worker-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through <= 1.1.1.

Action-Not Available
Vendor-merkulove
Product-Worker for WPBakery
CWE ID-CWE-862
Missing Authorization
CVE-2025-66140
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uper for Elementor plugin <= 1.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.

Action-Not Available
Vendor-merkulove
Product-Uper for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66160
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 2.60%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 16:50
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor graphist-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor Graphist for Elementor: from n/a through <= 1.2.10.

Action-Not Available
Vendor-merkulove
Product-Select Graphist for Elementor Graphist for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66136
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Carter for Elementor plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.

Action-Not Available
Vendor-merkulove
Product-Carter for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66141
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 1.93%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Scroller plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.

Action-Not Available
Vendor-merkulove
Product-Scroller
CWE ID-CWE-862
Missing Authorization
CVE-2025-66142
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comparimager for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1.

Action-Not Available
Vendor-merkulove
Product-Comparimager for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66162
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through <= 1.04.

Action-Not Available
Vendor-merkulove
Product-Spoter for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66135
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Imager for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4.

Action-Not Available
Vendor-merkulove
Product-Imager for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66147
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Coder for Elementor coder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coder for Elementor: from n/a through <= 1.0.13.

Action-Not Available
Vendor-merkulove
Product-Coder for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66165
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through <= 1.1.7.

Action-Not Available
Vendor-merkulove
Product-Lottier for WPBakery
CWE ID-CWE-862
Missing Authorization
CVE-2025-66163
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through <= 1.1.4.

Action-Not Available
Vendor-merkulove
Product-Masker for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66139
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Audier For Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.

Action-Not Available
Vendor-merkulove
Product-Audier For Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66138
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Motionger for Elementor plugin <= 2.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for Elementor: from n/a through <= 2.0.4.

Action-Not Available
Vendor-merkulove
Product-Motionger for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66164
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through <= 1.1.1.

Action-Not Available
Vendor-merkulove
Product-Laser
CWE ID-CWE-862
Missing Authorization
CVE-2025-66167
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Lottier lottier-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier: from n/a through <= 1.1.1.

Action-Not Available
Vendor-merkulove
Product-Lottier
CWE ID-CWE-862
Missing Authorization
CVE-2025-66137
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Searcher for Elementor plugin <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3.

Action-Not Available
Vendor-merkulove
Product-Searcher for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66166
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Lottier for Elementor lottier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for Elementor: from n/a through <= 1.0.9.

Action-Not Available
Vendor-merkulove
Product-Lottier for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-66161
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Grider for Elementor plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: from n/a through <= 1.0.8.

Action-Not Available
Vendor-merkulove
Product-Grider for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-68087
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:13
Updated-28 Apr, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Modalier for Elementor modalier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modalier for Elementor: from n/a through <= 1.0.6.

Action-Not Available
Vendor-merkulove
Product-Modalier for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-68088
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:13
Updated-28 Apr, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Huger for Elementor: from n/a through <= 1.1.5.

Action-Not Available
Vendor-merkulove
Product-Huger for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-68085
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:13
Updated-28 Apr, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability

Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Elementor: from n/a through <= 1.0.6.

Action-Not Available
Vendor-merkulove
Product-Buttoner for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-68086
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 08:13
Updated-28 Apr, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reformer for Elementor: from n/a through <= 1.0.6.

Action-Not Available
Vendor-merkulove
Product-Reformer for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-9587
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 05:33
Updated-08 Apr, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings.

Action-Not Available
Vendor-linkz.aivittor1o
Product-linkz.aiLinkz.ai – Automatic link previews on hover
CWE ID-CWE-862
Missing Authorization
CVE-2023-5651
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.51%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 18:55
Updated-01 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts

Action-Not Available
Vendor-UnknownThimPress (PhysCode)
Product-wp_hotel_bookingWP Hotel Booking
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-5509
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.39%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 18:55
Updated-02 Aug, 2024 | 07:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.

Action-Not Available
Vendor-premioUnknown
Product-mystickymenuFloating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any Theme
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-32713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.62%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:08
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Post Generator | AutoWriter plugin <= 3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through 3.3.

Action-Not Available
Vendor-autowriterAutoWriter
Product-ai_post_generator_\|_autowriterAI Post Generator | AutoWriter
CWE ID-CWE-862
Missing Authorization
CVE-2023-5251
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.07%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 13:49
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. CVE-2023-34014 appears to be a duplicate of this issue.

Action-Not Available
Vendor-g5themeg5theme
Product-grid_plusGrid Plus – Unlimited grid layout
CWE ID-CWE-862
Missing Authorization
CVE-2025-31816
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 59.03%
||
7 Day CHG+0.15%
Published-01 Apr, 2025 | 14:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mobile App Canvas Plugin <= 3.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in pietro Mobile App Canvas mobile-app allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobile App Canvas: from n/a through <= 3.8.2.

Action-Not Available
Vendor-pietro
Product-Mobile App Canvas
CWE ID-CWE-862
Missing Authorization
CVE-2025-31879
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 37.64%
||
7 Day CHG-0.05%
Published-01 Apr, 2025 | 14:52
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Settings Change vulnerability

Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.4.

Action-Not Available
Vendor-Dmitry V. (CEO of "UKR Solution")
Product-Barcode Generator for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-52177
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 31.75%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:42
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.

Action-Not Available
Vendor-softlabbdSoftLab
Product-integrate_google_driveIntegrate Google Drive
CWE ID-CWE-862
Missing Authorization
CVE-2025-31923
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CSS3 Accordions for WordPress plugin <= 3.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress css3_accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CSS3 Accordions for WordPress: from n/a through <= 3.0.

Action-Not Available
Vendor-QuanticaLabs
Product-CSS3 Accordions for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2023-51359
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.57%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks plugin <= 4.2.0 - Multiple Contributor+ Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg essential-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through <= 4.2.0.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2023-51516
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 00:58
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Business Directory Team Business Directory Plugin.This issue affects Business Directory Plugin: from n/a through 6.3.9.

Action-Not Available
Vendor-Strategy11
Product-business_directoryBusiness Directory Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2025-32220
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.64%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon booking system plugin <= 10.30.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salon booking system: from n/a through <= 10.30.23.

Action-Not Available
Vendor-salonbookingsystemDimitri Grassi
Product-salon_booking_systemSalon booking system
CWE ID-CWE-862
Missing Authorization
CVE-2023-51671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.42%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:49
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3.

Action-Not Available
Vendor-FunnelKit
Product-FunnelKit Checkout
CWE ID-CWE-862
Missing Authorization
CVE-2023-51497
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 05:33
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9.

Action-Not Available
Vendor-WooCommerce
Product-WooCommerce Ship to Multiple Addresses
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found