Total
5737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7499 | 2025-08-18 | 5.3 Medium | ||
| The BetterDocs – Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents. | ||||
| CVE-2025-8898 | 2025-08-18 | 9.8 Critical | ||
| The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin not properly validating a user's capabilities prior to updating a plugin setting or their identity prior to updating their details like email address. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | ||||
| CVE-2025-49432 | 1 Wordpress | 1 Wordpress | 2025-08-18 | 5.3 Medium |
| Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1. | ||||
| CVE-2025-54679 | 2 Vertim, Wordpress | 2 Neon Channel Product Customizer Free, Wordpress | 2025-08-16 | 7.5 High |
| Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0. | ||||
| CVE-2025-30639 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2025-08-16 | 7.5 High |
| Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through 2.1.9. | ||||
| CVE-2025-52775 | 2 Ronik Unlimitedwp, Wordpress | 2 Project Cost Calculator, Wordpress | 2025-08-16 | 7.1 High |
| Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through 1.0.0. | ||||
| CVE-2025-30993 | 3 Villatheme, Woocommerce, Wordpress | 4 Thank You Page Customizer For Woocommerce, Woocommerce Thank You Page Customizer, Woocommerce and 1 more | 2025-08-16 | 6.5 Medium |
| Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce – Increase Your Sales: from n/a through 1.1.7. | ||||
| CVE-2025-52731 | 2 Themefunction, Wordpress | 2 Wordpress Event Manager Event Calendar And Booking Plugin, Wordpress | 2025-08-16 | 7.5 High |
| Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24. | ||||
| CVE-2025-54712 | 3 Elementor, Hashthemes, Wordpress | 3 Elementor, Easy Elementor Addons, Wordpress | 2025-08-16 | 4.3 Medium |
| Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through 2.2.7. | ||||
| CVE-2025-54730 | 2 Pareto Digital, Wordpress | 2 Embedder For Google Reviews, Wordpress | 2025-08-16 | 5.3 Medium |
| Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through 1.7.3. | ||||
| CVE-2025-8342 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2025-08-16 | 8.1 High |
| The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured. | ||||
| CVE-2025-53341 | 2 Themovation, Wordpress | 2 Stratus, Wordpress | 2025-08-15 | 4.3 Medium |
| Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5. | ||||
| CVE-2025-55712 | 2 Posimyth, Wordpress | 2 The Plus Addons For Elementor Page Builder Lite, Wordpress | 2025-08-15 | 6.5 Medium |
| Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.3.13. | ||||
| CVE-2025-53221 | 2 Codeablepress, Wordpress | 2 Codeablepress, Wordpress | 2025-08-15 | 4.3 Medium |
| Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0. | ||||
| CVE-2025-54717 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2025-08-15 | 5.4 Medium |
| Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3. | ||||
| CVE-2025-55716 | 2 Veronalabs, Wordpress | 2 Wp Statistics, Wordpress | 2025-08-15 | 4.3 Medium |
| Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15. | ||||
| CVE-2025-53343 | 2 Goodlayers, Wordpress | 2 Modernize, Wordpress | 2025-08-15 | 4.3 Medium |
| Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through 3.4.0. | ||||
| CVE-2025-54739 | 2 Posimyth, Wordpress | 2 Nexter Blocks, Wordpress | 2025-08-15 | 5.3 Medium |
| Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.5.4. | ||||
| CVE-2025-28962 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 6.5 Medium |
| Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal Analytics: from n/a through 1.0.3. | ||||
| CVE-2025-31425 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.5 High |
| Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3. | ||||