Search Results (8625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-32447 2 Vito Peleg, Wordpress 2 Atarim, Wordpress 2026-04-22 4.3 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.
CVE-2026-1870 2 Thimpress, Wordpress 2 Thim Kit For Elementor – Pre-built Templates & Widgets For Elementor, Wordpress 2026-04-22 5.3 Medium
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to disclose private or draft LearnPress course content by supplying post_status in the params_url payload.
CVE-2026-32416 2 Bplugins, Wordpress 2 Pdf Poster, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.
CVE-2026-4063 2 Wordpress, Wpzoom 2 Wordpress, Social Icons Widget & Block – Social Media Icons & Share Buttons 2026-04-22 4.3 Medium
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter.
CVE-2026-32338 2 Rarathemes, Wordpress 2 Construction Landing Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1.
CVE-2026-32329 2 Ays Pro, Wordpress 2 Advanced Related Posts, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1.
CVE-2026-32487 2 Rarathemes, Wordpress 2 Lawyer Landing Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.
CVE-2026-32446 2 Syed Balkhi, Wordpress 2 Contact Form By Wpforms, Wordpress 2026-04-22 4.3 Medium
Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.
CVE-2026-32432 2 Codepeople, Wordpress 2 Wp Time Slots Booking Form, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.
CVE-2026-32376 2 Raratheme, Wordpress 2 Kalon, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.
CVE-2026-32375 2 Raratheme, Wordpress 2 Travel Diaries, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Diaries: from n/a through <= 1.2.4.
CVE-2026-32371 2 Rarathemes, Wordpress 2 Elegant Pink, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elegant Pink: from n/a through <= 1.3.3.
CVE-2026-32370 2 Raratheme, Wordpress 2 Influencer, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.
CVE-2026-32348 2 Madrasthemes, Wordpress 2 Mas Videos, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.
CVE-2026-32373 2 Cozyvision, Wordpress 2 Sms Alert Order Notifications, Wordpress 2026-04-22 5.4 Medium
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.
CVE-2026-32377 2 Raratheme, Wordpress 2 Pranayama Yoga, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2.
CVE-2026-32379 2 Raratheme, Wordpress 2 Rara Academic, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2.
CVE-2026-32380 2 Raratheme, Wordpress 2 Numinous, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through <= 1.3.0.
CVE-2026-32381 2 Raratheme, Wordpress 2 App Landing Page, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a through <= 1.2.2.
CVE-2026-32387 2 Noorsplugin, Wordpress 2 Checkout For Paypal, Wordpress 2026-04-22 5.3 Medium
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.