638 matches found
EUVD-2025-205984
Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Questionar for Elementor: from n/a through 1.1.7...
CVE-2025-63016
QuadLayers TikTok Feed (QuadLayers TikTok Feed) is affected by CVE-2025-63016 due to Missing Authorization/Access Control weaknesses. The WordPress plugin (QuadLayers TikTok Feed) is listed as affected and the Patch Status is Unpatched in the vulnerability details, with a CVSS v3.1 base score of ...
CVE-2025-62081 WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through =...
WordPress MelaPress Login Security Premium plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security Premium versions 2.1.0...
WordPress plugin Simple Like Page security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action vulnerability
Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions <= 2.5...
WordPress plugin Countdowner for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... A security...
CVE-2025-69027
Technical details about CVE-2025-69027 are not publicly available in the provided documents. Monitor for vendor advisories and updates.
CVE-2025-69009
CVE-2025-69009 is a Missing Authorization vulnerability in Medical Equipment eCommerce WordPress Theme (
Insecure Direct Object Reference (IDOR) in LollMS Friend Request Response
Executive Summary: A critical security vulnerability has been identified in LollMS that allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function lacks authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Affect...
Job API exposed without authorization
This report is not public...
CVE-2025-36192
IBM DS8A00 R10.1 10.10.106.0 and IBM DS8A00 R10.0 10.1.3.010.2.45.0 and IBM DS8900F R9.4 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy / GDPS...
CVE-2025-68581
Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH Slider for page builders: from n/a through = 1.0.11...
CVE-2025-68508
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brave: from n/a through = 0.8.3...
CVE-2025-68595
Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widgets for Social Photo Feed: from n/a through = 1.8...
CVE-2025-68589 WordPress WP Telegram Widget and Join Link plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.12...
CVE-2023-40679 WordPress Master Elementor Addons plugin <= 2.0.5.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Master Addons for Elementor: from n/a through 2.0.5.3...
WordPress plugin H5P security vulnerability
WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...
CVE-2025-12820
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...
CVE-2025-12820 Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update
The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them...