Total
5857 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-66065 | | | 2025-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenverse: from n/a through <= 3.2.1. | |||||
| CVE-2025-13468 | 1 Oretnom23 | 1 Alumni Management System | 2025-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/admin_class.php of the component Delete Handler. Executing manipulation of the argument ID can lead to missing authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-64384 | | | 2025-11-21 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetFormBuilder: from n/a through <= 3.5.3. | |||||
| CVE-2025-66112 | | | 2025-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4. | |||||
| CVE-2025-66099 | | | 2025-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chat Help: from n/a through <= 3.1.3. | |||||
| CVE-2025-66089 | | | 2025-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.1. | |||||
| CVE-2025-66075 | | | 2025-11-21 | N/A | 4.2 MEDIUM |
| Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3. | |||||
| CVE-2025-66069 | | | 2025-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16. | |||||
| CVE-2025-66063 | | | 2025-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Google Review Slider: from n/a through <= 17.4. | |||||
| CVE-2025-66101 | | | 2025-11-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CBX Bookmark & Favorite: from n/a through <= 2.0.1. | |||||
| CVE-2025-66060 | | | 2025-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | |||||
| CVE-2025-64684 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | N/A | 4.3 MEDIUM |
| In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form | |||||
| CVE-2025-12778 | | | 2025-11-21 | N/A | 5.3 MEDIUM |
| The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_filter_users function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to extract partial metadata of all WordPress users, including their first name, last name and email addresses. | |||||
| CVE-2025-12170 | | | 2025-11-21 | N/A | 5.3 MEDIUM |
| The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_ajax_nopriv_checkbox_clean_log' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files. | |||||
| CVE-2025-11985 | | | 2025-11-21 | N/A | 8.8 HIGH |
| The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rp_save_property_settings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2025-66110 | | | 2025-11-21 | N/A | N/A |
| Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through <= 1.0.22. | |||||
| CVE-2025-13149 | | | 2025-11-21 | N/A | 4.3 MEDIUM |
| The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the "saveFutureActionData" function in all versions up to, and including, 4.9.1. This makes it possible for authenticated attackers, with author level access and above, to change the status of arbitrary posts and pages via the REST API endpoint. | |||||
| CVE-2025-66096 | | | 2025-11-21 | N/A | N/A |
| Missing Authorization vulnerability in Imtiaz Rayhan Table Block by Tableberg tableberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Table Block by Tableberg: from n/a through <= 0.6.9. | |||||
| CVE-2025-11003 | | | 2025-11-21 | N/A | 6.4 MEDIUM |
| The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to save templates that contain custom JavaScript. | |||||
| CVE-2025-10938 | | | 2025-11-21 | N/A | 6.5 MEDIUM |
| The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user data including password hashes, emails, and other user information that could be used for account takeover attacks. | |||||
