Medium · CVSS 4.3
Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control luckywp-scripts-control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through <= 1.2.1.
Published Jan 2, 2025 · Updated Apr 29, 2026
High · CVSS 7.5
Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through <= 2.3.5.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in KaizenCoders Short URL shorten-url allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through <= 1.6.8.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics visitors-traffic-real-time-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through <= 7.2.
Published Jan 2, 2025 · Updated Apr 29, 2026
High · CVSS 7.5
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 7.8.0.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in CoCart Headless CoCart – Headless ecommerce cart-rest-api-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoCart – Headless ecommerce: from n/a through <= 3.11.2.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through <= 2.33.1.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through <= 1.0.41.
Published Jan 2, 2025 · Updated Apr 29, 2026
High · CVSS 7.5
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.2.6.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words css3-rotating-words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through <= 5.4.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in PressTigers Simple Job Board simple-job-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n/a through <= 2.10.5.
Published Jan 2, 2025 · Updated Apr 29, 2026
High · CVSS 8.8
Missing Authorization vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through <= 2.4.6.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.2.0.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 6.5
Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce product-recommendation-quiz-for-ecommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Recommendation Quiz for eCommerce: from n/a through <= 2.1.2.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 6.5
Missing Authorization vulnerability in Mohamed Magdy Quill Forms quillforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quill Forms: from n/a through <= 3.3.0.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in codedraft Mediabay mediabay-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through <= 1.6.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Team AtomChat AtomChat atomchat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through <= 1.1.4.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 6.5
Missing Authorization vulnerability in FeedFocal FeedFocal feedfocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through <= 1.2.2.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.10.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 6.5
Missing Authorization vulnerability in WP Chill Kali Forms kali-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kali Forms: from n/a through <= 2.3.28.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through <= 5.36.0.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Webの相談所 MW WP Form mw-wp-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through <= 4.4.5.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in codepeople Appointment Hour Booking appointment-hour-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through <= 1.4.23.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso social-testimonials-and-reviews-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through <= 4.97.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through <= 1.4.1.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 6.5
Missing Authorization vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through <= 1.3.1.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through <= 1.1.9.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in RumbleTalk RumbleTalk Live Group Chat rumbletalk-chat-a-chat-with-themes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through <= 6.2.5.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in WP Chill Kali Forms kali-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kali Forms: from n/a through <= 2.3.27.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder broken-link-finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker | Finder: from n/a through <= 2.4.2.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in Mario Peshev DX Delete Attached Media dx-delete-attached-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through <= 2.0.5.1.
Published Jan 2, 2025 · Updated Apr 29, 2026
High · CVSS 7.3
Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through <= 1.6.0.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.4
Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through <= 1.2.5.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 4.3
Missing Authorization vulnerability in WPXPO WowStore product-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowStore: from n/a through <= 2.7.8.
Published Jan 2, 2025 · Updated Apr 29, 2026
Medium · CVSS 5.3
Missing Authorization vulnerability in awsm.in WP Job Openings wp-job-openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through <= 3.4.1.
Published Jan 2, 2025 · Updated Apr 29, 2026
Critical · CVSS 10
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.
Published Jan 24, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.
Published Jan 8, 2024 · Updated Apr 28, 2026
Critical · CVSS 10
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1.
Published Jan 8, 2024 · Updated Apr 28, 2026
Critical · CVSS 10
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8.
Published Jan 8, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.9
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1.
Published Jan 8, 2024 · Updated Apr 28, 2026
Medium · CVSS 4.3
Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3.
Published Jan 8, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1.
Published Jan 8, 2024 · Updated Apr 28, 2026
Medium · CVSS 5.4
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0.
Published Jan 5, 2026 · Updated Apr 28, 2026
High · CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12.
Published Jan 8, 2024 · Updated Apr 28, 2026
Critical · CVSS 9.1
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0.
Published Jan 8, 2024 · Updated Apr 28, 2026
High · CVSS 8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.
Published Jan 8, 2024 · Updated Apr 28, 2026
High · CVSS 7.7
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25.
Published Jan 8, 2024 · Updated Apr 28, 2026