
630 matches found

EUVD
added 2025/10/29 9:30 a.m., 2 views

EUVD-2025-36619

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

CVSS 5.4, AI score 6.5, EPSS 0.0018
Exploits: 0, References: 2

CNNVD
added 2025/10/29 12:0 a.m., 3 views

WordPress plugin Evergreen Content Poster security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.3, AI score 6.5, EPSS 0.00207
Exploits: 0, References: 1

CVE
added 2025/10/27 6:0 a.m., 16 views

CVE-2025-11154

CVE-2025-11154 affects IDonate for WordPress, vulnerable in versions prior to 2.1.13 due to missing authorization and CSRF protection when deleting users via an action handler. This unauthenticated flow allows an attacker to delete arbitrary users. Reported across multiple sources (Wordfence, Pat...

CVSS 5.4, AI score 6.6, EPSS 0.00119
Exploits: 1, References: 1, Affected Software: 1

EUVD
added 2025/10/27 3:30 a.m., 3 views

EUVD-2025-36053

Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coupon Affiliates: from n/a through = 7.0.3...

CVSS 5.3, AI score 6.5, EPSS 0.00227
Exploits: 0, References: 2

CVE
added 2025/10/27 1:34 a.m., 12 views

CVE-2025-62980

CVE-2025-62980 is a Missing Authorization (broken access control) vulnerability in the WordPress plugin Persian Admin Fonts, affecting versions up to and including 4.1.03. The connected sources indicate an unauthorized access risk due to misconfigured access control. Patch status is not publicly...

CVSS 5.4, AI score 6.6, EPSS 0.0018
Exploits: 0, References: 1

Positive Technologies
added 2025/10/27 12:0 a.m., 4 views

PT-2025-43836

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/a through = 1.3.4...

CVSS 8.1, AI score 7, EPSS 0.00181
Exploits: 0, References: 2

CNNVD
added 2025/10/27 12:0 a.m., 3 views

WordPress plugin WP-Lister Lite for eBay security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 4.3, AI score 6.6, EPSS 0.00197
Exploits: 0, References: 1

CNNVD
added 2025/10/27 12:0 a.m., 3 views

WordPress plugin Link Whisper Free security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers. WordPress...

CVSS 5.3, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 1

CVE
added 2025/10/25 5:31 a.m., 16 views

CVE-2025-11269

CVE-2025-11269 affects the WordPress plugin Product Filter by WBW (versions

CVSS 5.3, AI score 5, EPSS 0.00241
Exploits: 0, References: 3

Cvelist
added 2025/10/24 8:24 a.m., 9 views

CVE-2025-10901 Originality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table'

The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ai_get_table' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 4.3, EPSS 0.00178
Exploits: 0, References: 2

Snyk
added 2025/10/23 3:30 p.m., 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to improper access control to OpenAPI. An attacker can retrieve sensitive OpenAPI YAML files by sending a specially crafted URL. Remediation: Upgrade com.liferay:com.liferay.portal.security.auth.verifier to...

CVSS 6.9, AI score 6.7, EPSS 0.00346
Exploits: 0, References: 2

RedhatCVE
added 2025/10/23 3:13 p.m., 5 views

CVE-2025-62019

Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through = 3.4.8...

CVSS 6.5, AI score 7, EPSS 0.00215
Exploits: 0, References: 1

NVD
added 2025/10/22 3:15 p.m., 3 views

CVE-2025-53424

Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Orders & Customers Exporter: from n/a through = 5.4...

CVSS 6.5, EPSS 0.00263
Exploits: 0, References: 1

OSV
added 2025/10/22 3:15 p.m., 2 views

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through = 1.9.9.7...

CVSS 7.3, AI score 5.8, EPSS 0.00304
Exploits: 0, References: 1

Vulnrichment
added 2025/10/22 2:32 p.m., 4 views

CVE-2025-52738 WordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wikipedia Preview: from n/a through = 1.15.0...

CVSS 6.5, AI score 5.1, EPSS 0.00257
Exploits: 0, References: 1

Vulnrichment
added 2025/10/22 2:32 p.m., 3 views

CVE-2025-49910 WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPGuppy: from n/a through = 1.1.4...

CVSS 8.2, AI score 6.6, EPSS 0.00259
Exploits: 0, References: 1

Positive Technologies
added 2025/10/22 12:0 a.m., 4 views

PT-2025-43186

Name of the Vulnerable Software and Affected Versions: WPeMatico RSS Feed Fetcher versions through 2.8.3. Description: The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations...

CVSS 4.3, AI score 6.5, EPSS 0.00197
Exploits: 0, References: 4

RedhatCVE
added 2025/10/15 4:43 p.m., 3 views

CVE-2025-42939

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...

CVSS 4.3, AI score 6.7, EPSS 0.00209
Exploits: 0, References: 1

CVE
added 2025/10/15 8:25 a.m., 11 views

CVE-2025-10303

CVE-2025-10303 affects the WordPress Library Management System plugin. The root cause is a missing capability check in owt7_library_management_ajax_handler(), affecting all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to modify various plugin settings. W...

CVSS 4.3, AI score 4.8, EPSS 0.00214
Exploits: 0, References: 3

Vulnrichment
added 2025/10/14 5:24 a.m., 5 views

CVE-2025-10732 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

CVSS 4.3, AI score 4.8, EPSS 0.00232
Exploits: 0, References: 4