Total: 6399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66736 | 1 Youlai | 1 Youlai-boot | 2026-01-06 | 7.1 High |
| youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability. | ||||
| CVE-2025-15406 | 1 Phpgurukul | 1 Online Course Registration | 2026-01-05 | 6.3 Medium |
| A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-14047 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.3 Medium |
| The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment. | ||||
| CVE-2025-14428 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 4.3 Medium |
| The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'my_sticky_elements_bulks' function in all versions up to, and including, 2.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all contact form leads stored by the plugin. | ||||
| CVE-2025-15405 | 1 Phpems | 1 Phpems | 2026-01-05 | 4.3 Medium |
| A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched remotely. | ||||
| CVE-2025-14155 | 3 Elementor, Leap13, Wordpress | 4 Elementor, Premium Addons, Premium Addons For Elementor and 1 more | 2026-01-05 | 5.3 Medium |
| The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_template_content' function in all versions up to, and including, 4.11.53. This makes it possible for unauthenticated attackers to view the content of private, draft, and pending templates. | ||||
| CVE-2025-62138 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in CedCommerce WP Advanced PDF allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Advanced PDF: from n/a through 1.1.7. | ||||
| CVE-2025-62888 | 2 Marcomilesi, Wordpress | 2 Wp Attachments, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attachments: from n/a through 5.2. | ||||
| CVE-2025-62108 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in SaifuMak Add Custom Codes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Add Custom Codes: from n/a through 4.80. | ||||
| CVE-2025-62091 | 2 Vollstart, Wordpress | 2 Serial Codes Generator And Validator With Woocommerce Support, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.8.2. | ||||
| CVE-2025-62098 | 2 Totalsoft, Wordpress | 2 Portfolio Gallery, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in Totalsoft Portfolio Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Portfolio Gallery: from n/a through 1.4.8. | ||||
| CVE-2025-49349 | 2 Reuters News Agency, Wordpress | 2 Reuters Direct, Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Reuters Direct: from n/a through 3.0.0. | ||||
| CVE-2025-63001 | 2 Nicdark, Wordpress | 2 Hotel Booking, Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in nicdark Hotel Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hotel Booking: from n/a through 3.8. | ||||
| CVE-2025-9549 | 2 Drupal, Facets Project | 2 Drupal, Facets | 2026-01-05 | 6.5 Medium |
| Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. | ||||
| CVE-2025-14817 | 3 Google, Tecno, Transsion | 4 Android, Factory Mode App, Hios and 1 more | 2026-01-05 | 6.5 Medium |
| The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction. | ||||
| CVE-2025-62081 | 3 Channelize.io, Woocommerce, Wordpress | 3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0. | ||||
| CVE-2025-62147 | 2 Realbig, Wordpress | 2 Realbig, Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Realbig: from n/a through 1.1.3. | ||||
| CVE-2025-62145 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.3 Medium |
| Missing Authorization vulnerability in NewClarity DMCA Protection Badge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DMCA Protection Badge: from n/a through 2.2.0. | ||||
| CVE-2025-66152 | 2 Merkulove, Wordpress | 2 Criptopayer For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Criptopayer for Elementor: from n/a through 1.0.1. | ||||
| CVE-2025-66151 | 2 Merkulove, Wordpress | 2 Countdowner For Elementor, Wordpress | 2026-01-05 | 5.4 Medium |
| Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Countdowner for Elementor: from n/a through 1.0.4. | ||||