638 matches found
CVE-2025-58919
CVE-2025-58919 is a Missing Authorization vulnerability affecting WordPress Wide Banner plugin versions up to 1.0.4. The issue arises from improperly configured access control, resulting in insufficient authorization checks (Broken Access Control). Public sources in the dataset identify Wide Bann...
WordPress plugin Nota Fiscal Eletrônica WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress Plugin CP Multi View Event Calendar Authorization Missing Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An authorization missing vulnerability exists in the WordPress plugin CP Multi View Event...
CVE-2025-57899 WordPress WP Compress Plugin <= 6.50.54 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Compress: from n/a through <= 6.50.54...
CVE-2025-58258
CVE-2025-58258 is a Missing Authorization issue in the WordPress plugin Lazy Blocks (Custom Block Builder). Affected: Lazy Blocks versions 4.1.0 and earlier. Root cause per the document is improper access control that allows unauthorized actions due to configured security levels. The CVE is docum...
CVE-2025-58650
CVE-2025-58650 is a Missing Authorization vulnerability in All In One SEO Pack for WordPress. Connected source shows affected software as All In One SEO Pack via versions up to 4.8.7, with a CVSS v3.1 base score of 5.4 (Network, Low attack complexity, Privileges required: Low, User interaction: N...
WordPress plugin Qubely security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-38772
Name of the Vulnerable Software and Affected Versions: N-Media Frontend File Manager versions through 23.2. Description: An authorization issue exists in N-Media Frontend File Manager due to incorrectly configured access control security levels. This allows for exploitation of the system...
CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...
Liferay Portal allows remote attackers to view display page templates via crafted URLs
Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when users attempt to view a display page template, which allows remote attackers to view display page...
CVE-2025-36756
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solar panel inverter of which the serial number is known...
CVE-2025-58976
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through <= 1.31.0...
CVE-2025-55144
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with read-only admin...
CVE-2025-53348
Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kalium: from n/a through <= 3.18.3...
CVE-2025-36756
The CVE-2025-36756 entry describes a missing-authorization vulnerability in the SolaX Cloud platform that could allow takeover of a known-serial-number SolaX solar inverter. Affected component is the SolaX Cloud platform beneath the inverter management flow; root cause is insufficient access cont...
CVE-2025-58978
CVE-2025-58978 affects the PDF Generator for WordPress plugin (versions up to 1.5.4). The root cause is missing/incorrect authorization checking leading to broken access control, enabling exploitation of access levels due to misconfigured controls. Multiple sources confirm the vulnerability and p...
CVE-2025-53340 WordPress Awesome Support plugin <= 6.3.6 - Sensitive Data Exposure vulnerability
Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Retrieve Embedded Sensitive Data. This issue affects Awesome Support: from n/a through <= 6.3.6...
GHSA-W2PF-7Q5W-2CGW TYPO3 Workspaces Module Information Disclosure
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...
CVE-2025-59019 Information Disclosure via CSV Download
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them...
CVE-2025-59019
Missing authorization checks in TYPO3’s CSV download feature (CVE-2025-59019) allow backend users to disclose information from arbitrary database tables within their web mounts. Affected are TYPO3 CMS versions: 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. Root cause is an authorization ga...