Total
6399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22715 | 2 Loopus, Wordpress | 2 Wp Attractive Donations System, Wordpress | 2026-01-09 | 8.1 High |
| Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. | ||||
| CVE-2025-14360 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 9.8 Critical |
| Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.15. | ||||
| CVE-2026-0676 | 1 Wordpress | 1 Wordpress | 2026-01-09 | N/A |
| Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through <= 1.5.7. | ||||
| CVE-2025-14358 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 9.8 Critical |
| Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5. | ||||
| CVE-2025-67926 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 8.8 High |
| Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4. | ||||
| CVE-2025-67913 | 2 Aruba, Wordpress | 2 Aruba Hispeed Cache, Wordpress | 2026-01-09 | 9.8 Critical |
| Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3. | ||||
| CVE-2025-67917 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 8.1 High |
| Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6. | ||||
| CVE-2026-22522 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 6.5 Medium |
| Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through 2.2.3. | ||||
| CVE-2026-22487 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2. | ||||
| CVE-2026-22517 | 2 Passionate Brains, Wordpress | 2 Ga4wp, Wordpress | 2026-01-09 | 5.4 Medium |
| Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0. | ||||
| CVE-2026-22488 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 5.3 Medium |
| Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8. | ||||
| CVE-2026-22486 | 2 Hakob, Wordpress | 2 Re Gallery Responsive Photo Gallery Plugin, Wordpress | 2026-01-09 | 5.3 Medium |
| Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18. | ||||
| CVE-2026-22492 | 1 Wordpress | 1 Wordpress | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04. | ||||
| CVE-2026-22490 | 2 Niklaslindemann, Wordpress | 2 Bulk Landing Page Creator For Wordpress Lpagery, Wordpress | 2026-01-09 | 5.4 Medium |
| Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9. | ||||
| CVE-2025-14886 | 3 Shoheitanaka, Woocommerce, Wordpress | 3 Japanized For Woocommerce, Woocommerce, Wordpress | 2026-01-09 | 5.3 Medium |
| The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order as processed/completed. | ||||
| CVE-2025-14782 | 2 Wordpress, Wpmudev | 2 Wordpress, Forminator Forms | 2026-01-09 | 5.3 Medium |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_export' function. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with access to the Forminator dashboard, to export sensitive form submission data including personally identifiable information. | ||||
| CVE-2025-14718 | 2 Publishpress, Wordpress | 2 Schedule Post Changes With Publishpress Future, Wordpress | 2026-01-09 | 5.4 Medium |
| The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to create, update, delete, and publish malicious workflows that may automatically delete any post upon publication or update, including posts created by administrators. | ||||
| CVE-2025-14720 | 2 Ameliabooking, Wordpress | 2 Booking For Appointments And Events Calendar, Wordpress | 2026-01-09 | 5.3 Medium |
| The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as refunded, trigger sending of queued notifications (emails/SMS/WhatsApp), and access debug information among other things. | ||||
| CVE-2025-9294 | 2 Expresstech, Wordpress | 2 Quiz And Survey Master, Wordpress | 2026-01-09 | 4.3 Medium |
| The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results. | ||||
| CVE-2025-15070 | 1 Gmission | 1 Web Fax | 2026-01-09 | 5.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse.This issue affects Web Fax: 3.0 | ||||