Total
6399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66158 | 2 Merkulove, Wordpress | 2 Gmaper For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Gmaper for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through 1.0.9. | ||||
| CVE-2025-66159 | 2 Merkulove, Wordpress | 2 Walker For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Walker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through 1.1.6. | ||||
| CVE-2025-66157 | 2 Merkulove, Wordpress | 2 Slider For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider for Elementor: from n/a through 1.0.10. | ||||
| CVE-2025-49339 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through 1.3.0. | ||||
| CVE-2025-66156 | 2 Merkulove, Wordpress | 2 Watcher For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a through 1.0.9. | ||||
| CVE-2025-62874 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6. | ||||
| CVE-2025-66150 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through 1.1.1. | ||||
| CVE-2025-66149 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove UnGrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through 3.1.3. | ||||
| CVE-2025-66144 | 2 Merkulove, Wordpress | 2 Worker For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Worker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through 1.0.10. | ||||
| CVE-2025-66145 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Worker for WPBakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through 1.1.1. | ||||
| CVE-2025-66146 | 2 Merkulove, Wordpress | 2 Logger For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Logger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through 1.0.9. | ||||
| CVE-2025-66148 | 2 Merkulove, Wordpress | 2 Conformer For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Conformer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conformer for Elementor: from n/a through 1.0.7. | ||||
| CVE-2015-10140 | 1 Connekthq | 1 Ajax Load More | 2026-01-02 | 8.8 High |
| The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files. | ||||
| CVE-2019-25214 | 2 Shopwp, Wpshop | 2 Shopwp, Shopwp | 2026-01-02 | 7.2 High |
| The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating the plugin's settings and injecting malicious scripts. | ||||
| CVE-2025-30398 | 1 Microsoft | 3 Nuance Powerscribe, Nuance Powerscribe 360, Nuance Powerscribe One | 2026-01-02 | 8.1 High |
| Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-66022 | 2 Factionsecurity, Owasp | 2 Faction, Faction | 2026-01-02 | 9.7 Critical |
| FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1. | ||||
| CVE-2023-22699 | 1 Mainwp | 1 Mainwp Wordfence Extension | 2025-12-31 | 5.4 Medium |
| Missing Authorization vulnerability in MainWP MainWP Wordfence Extension.This issue affects MainWP Wordfence Extension: from n/a through 4.0.7. | ||||
| CVE-2023-23985 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-31 | 3.7 Low |
| Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This issue affects Quiz Maker: from n/a through 6.3.9.4. | ||||
| CVE-2025-68861 | 2 Plugin Optimizer, Wordpress | 2 Plugin Optimizer, Wordpress | 2025-12-31 | 7.1 High |
| Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7. | ||||
| CVE-2020-36902 | 1 Medivision | 3 Digital Signage, Medivision Digital Signage, Medivision Digital Signage Firmware | 2025-12-30 | 9.8 Critical |
| UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication. | ||||