Search Results (11864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-32589 2 Ukrsolution, Wordpress 2 Barcode Scanner And Inventory Manager, Wordpress 2026-04-23 7.1 High
Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.5.3.
CVE-2024-31421 1 Supsystic 1 Popup 2026-04-23 4.3 Medium
Missing Authorization vulnerability in supsystic Popup by Supsystic popup-by-supsystic.This issue affects Popup by Supsystic: from n/a through <= 1.10.27.
CVE-2024-31281 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-23 6.3 Medium
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.6.
CVE-2024-31246 1 Wpxpo 1 Postx 2026-04-23 5.4 Medium
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 3.2.3.
CVE-2024-30534 1 Typps 1 Calendarista 2026-04-23 6.5 Medium
Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through <= 3.0.5.
CVE-2024-30529 1 Tainacan 1 Tainacan 2026-04-23 5.3 Medium
Missing Authorization vulnerability in tainacan Tainacan tainacan.This issue affects Tainacan: from n/a through <= 0.20.7.
CVE-2024-30505 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-23 5.4 Medium
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.18.
CVE-2024-27950 1 Sirv 1 Sirv 2026-04-23 5.4 Medium
Missing Authorization vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.0.
CVE-2024-24833 1 Leevio 1 Happy Addons For Elementor 2026-04-23 4.3 Medium
Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.This issue affects Happy Addons for Elementor: from n/a through <= 3.10.1.
CVE-2023-50904 2 Ays-pro, Poll Maker Team 2 Poll Maker, Poll Maker 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.8.0.
CVE-2023-49857 2 Awesomesupport, Getawesomesupport 2 Awesome Support Wordpress Helpdesk \& Support, Awesome Support 2026-04-23 6.5 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.
CVE-2023-49831 1 Metagauss 1 Registrationmagic 2026-04-23 7.5 High
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 5.2.3.0.
CVE-2023-49757 1 Getawesomesupport 1 Awesome Support 2026-04-23 5.4 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.10.
CVE-2023-48324 1 Getawesomesupport 1 Awesome Support 2026-04-23 5.4 Medium
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.4.
CVE-2023-47807 1 10web 1 10webanalytics 2026-04-23 4.3 Medium
Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through <= 1.2.12.
CVE-2023-45766 1 Ays-pro 1 Poll Maker 2026-04-23 5.3 Medium
Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through <= 4.7.1.
CVE-2023-45765 1 Wedevs 1 Wp Erp 2026-04-23 4.3 Medium
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.
CVE-2026-35464 1 Pyload 1 Pyload 2026-04-23 7.5 High
pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie. This vulnerability is fixed with commit c4cf995a2803bdbe388addfc2b0f323277efc0e1.
CVE-2026-34082 2 Dify, Langgenius 2 Dify, Dify 2026-04-23 4.3 Medium
Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.
CVE-2026-39957 1 Lycheeorg 1 Lychee 2026-04-23 4.3 Medium
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhereNotNull('user_group_id') clause to escape the ownership filter applied by the when() block. Any authenticated non-admin user with upload permission who owns at least one album can retrieve all user-group-based sharing permissions across the entire instance, including private albums owned by other users. This vulnerability is fixed in 7.5.4.