CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9...

CVE-2025-39390

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through = 2.3.6...

CVE-2025-39580

Missing Authorization vulnerability in jidaikobo Dashi dashi allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dashi: from n/a through = 3.1.8...

CVE-2025-26953

CVE-2025-26953 is a Missing Authorization vulnerability in Crocoblock JetMenu (JetMenu for Elementor) affecting versions up to and including 2.4.9. The issue allows accessing functionality not constrained by ACLs, with CVSS v3.1 base score 7.5 (Network, Low attack complexity, No privileges requir...

CVE-2025-26942 WordPress JetTricks plugin <= 1.5.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetTricks jet-tricks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetTricks: from n/a through = 1.5.1...

CVE-2025-31012 WordPress Age Gate plugin <= 3.5.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Phil Age Gate age-gate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Age Gate: from n/a through = 3.5.4...

CVE-2025-28872

Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Block Spam By Math Reloaded: from n/a through = 2.2.4...

CVE-2024-54417 WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through = 2.0.1...

CVE-2024-38783

CVE-2024-38783 concerns the WordPress plugin Arconix FAQ (

CVE-2023-48747 WordPress Booster for WooCommerce plugin <= 7.1.2 - Authenticated Production Creation/Modification Vulnerability

Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2...

CVE-2023-47769 WordPress WP Maintenance plugin <= 6.1.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3...

CVE-2023-41183

The CVE-2023-41183 issue affects NETGEAR Orbi 760 routers, where the SOAP API implementation lacks authentication, enabling network-adjacent attackers to bypass authentication and access protected functionality. The NVD/NIST records (and ZDI) confirm an authentication bypass with CVSSv3.0 metrics...

CVE-2023-51405

Improper Authentication vulnerability in Repute Infosystems BookingPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BookingPress: from n/a through 1.0.74...

CVE-2024-1144 Improper Access Control at Alma Devklan Blog

Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials...

Authorization

Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9...

PT-2023-26652 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1 gugoan Economizzer commit 3730880 April 2023 Description: The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a...

CVE-2023-33363

An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers...

Schneider Electric APC Easy UPS Online updatePassword Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updatePassword function. The issue results from the lack of...

Delta Industrial Automation InfraSuite Device Master APRunning Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gateway endpoint, which listens on TCP...

ManageEngine NetFlow Analyzer getUserAPIKey Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine NetFlow Analyzer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authenticati...