
638 matches found

NVD | added 2025/10/22 3:15 p.m. | 5 views

CVE-2025-53424

Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4...

CVSS 6.5 | EPSS 0.00288 | Exploits 0 | References 1

OSV | added 2025/10/22 3:15 p.m. | 2 views

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.7...

CVSS 7.3 | AI score 5.8 | EPSS 0.00333 | Exploits 0 | References 1

Vulnrichment | added 2025/10/22 2:32 p.m. | 4 views

CVE-2025-52738 WordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wikipedia Preview: from n/a through <= 1.15.0...

CVSS 6.5 | AI score 5.1 | EPSS 0.00283 | Exploits 0 | References 1

Vulnrichment | added 2025/10/22 2:32 p.m. | 3 views

CVE-2025-49910 WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPGuppy: from n/a through <= 1.1.4...

CVSS 8.2 | AI score 6.6 | EPSS 0.00284 | Exploits 0 | References 1

Positive Technologies | added 2025/10/22 12:00 a.m. | 5 views

PT-2025-43186

Name of the Vulnerable Software and Affected Versions: WPeMatico RSS Feed Fetcher versions through 2.8.3. Description: The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations...

CVSS 4.3 | AI score 6.5 | EPSS 0.00215 | Exploits 0 | References 4

RedhatCVE | added 2025/10/15 4:43 p.m. | 4 views

CVE-2025-42939

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...

CVSS 4.3 | AI score 6.7 | EPSS 0.00209 | Exploits 0 | References 1

CVE | added 2025/10/15 8:25 a.m. | 12 views

CVE-2025-10303

CVE-2025-10303 affects the WordPress Library Management System plugin. The root cause is a missing capability check in owt7_library_management_ajax_handler(), affecting all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to modify various plugin settings. W...

CVSS 4.3 | AI score 4.8 | EPSS 0.00214 | Exploits 0 | References 3

Vulnrichment | added 2025/10/14 5:24 a.m. | 5 views

CVE-2025-10732 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

CVSS 4.3 | AI score 4.8 | EPSS 0.00232 | Exploits 0 | References 4

NVD | added 2025/10/14 1:15 a.m. | 3 views

CVE-2025-42939

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...

CVSS 4.3 | EPSS 0.00209 | Exploits 0 | References 2

Positive Technologies | added 2025/10/10 12:00 a.m. | 5 views

PT-2025-41617

Name of the Vulnerable Software and Affected Versions: Drupal Facets versions 0.0.0 through 2.0.9; Drupal Facets versions 3.0.0 through 3.0.0. Description: A missing authorization issue exists in Drupal Facets, potentially allowing forceful browsing. The issue relates to insufficient access controls...

CVSS 6.5 | AI score 6.6 | EPSS 0.00185 | Exploits 0 | References 6

CNNVD | added 2025/10/10 12:00 a.m. | 2 views

PowerJob Security Vulnerability

PowerJob is an open source distributed computing and job scheduling framework from PowerJob Open Source that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob 5.1.2 and earlier versions, which stems from a lack of authorization checking ...

CVSS 6.9 | AI score 5.3 | EPSS 0.01028 | Exploits 0 | References 4

RedhatCVE | added 2025/10/04 11:53 a.m. | 15 views

CVE-2025-9561

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider handler in versions 3.8.1 to 3.8.2. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVSS 8.8 | AI score 7.6 | EPSS 0.00575 | Exploits 0 | References 1

Cvelist | added 2025/10/04 2:24 a.m. | 7 views

CVE-2025-11228 GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Association

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the registerAssociateFormsWithCampaign function in all versions up to, and including, 4.10.0. This makes it possible for unauthenticat...

CVSS 5.3 | EPSS 0.00266 | Exploits 0 | References 3

EUVD | added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-35431

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00462 | Exploits 0 | References 1

EUVD | added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-28054

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7.6 | EPSS 0.00214 | Exploits 0 | References 1

EUVD | added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-31284

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.5 | EPSS 0.00278 | Exploits 0 | References 2

EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-28327

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.6 | EPSS 0.00211 | Exploits 0 | References 1

EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-30736

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.5 | EPSS 0.00334 | Exploits 0 | References 2

CNVD | added 2025/09/29 12:00 a.m. | 2 views

WordPress Plugin Acclectic Media Organizer Authorization Missing Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress plugin Acclectic Media Organizer...

CVSS 6.5 | AI score 6.5 | EPSS 0.00252 | Exploits 0 | References 1

RedhatCVE | added 2025/09/27 8:44 a.m. | 8 views

CVE-2025-60116

Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.4...

CVSS 8.8 | AI score 5.9 | EPSS 0.00278 | Exploits 0 | References 1