CVE-2025-68834

CVE-2025-68834 corresponds to a Missing Authorization vulnerability in the WordPress plugin Sync Master Sheet – Product Sync with Google Sheet for WooCommerce (versions through 1.1.3). Red Hat and CVE records describe it as broken access control that allows exploitation due to incorrectly configu...

CVE-2025-68837 WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from...

CVE-2025-68834 WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet Product Sync with Google Sheet for WooCommerc...

CVE-2025-68564

CVE-2025-68564 concerns WordPress plugin Sendy (versions up to 3.4.2) with a Missing Authorization/Broken Access Control issue. Public sources collectively describe an access-control misconfiguration that could allow unauthorized actions by an attacker over the network. The CVSS 3.1 vector (AV:N/...

CVE-2025-68542 WordPress Checkout Gateway for IRIS plugin <= 1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Gateway for IRIS: from n/a through = 1.3...

CVE-2025-68534 WordPress PDF for WPForms plugin <= 6.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through = 6.3.0...

CVE-2025-68534

CVE-2025-68534 : WordPress PDF for WPForms plugin &lt;= 6.3.0 has a Missing Authorization vulnerability (Broken Access Control) in the pdf-for-wpforms add-on. Root cause: incorrectly configured access control security levels allowing unauthorized PDF access. Impact: potential unauthorized access ...

CVE-2025-68069 WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.6.6...

CVE-2025-68069 WordPress Directorist plugin <= 8.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through = 8.6.6...

CVE-2025-68069

CVE-2025-68069 is a Missing/Broken Access Control vulnerability in the WordPress plugin Directorist (Directorist: AI-Powered Business Directory, Listings & Classified Ads) affecting versions up to 8.6.6. The root cause is incorrectly configured access control security levels, enabling unauthorize...

CVE-2025-68048 WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through = 2.23.0...

CVE-2025-68050 WordPress Leadpages plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through = 1.1.3...

CVE-2025-68050

CVE-2025-68050 tracks a Missing Authorization vulnerability in the WordPress Leadpages plugin (versions &lt;= 1.1.3). The issue arises from broken access control/security level configuration, enabling unauthorized access due to an incorrectly configured access control. Affected software: Leadpage...

CVE-2025-68050 WordPress Leadpages plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through = 1.1.3...

CVE-2025-68048 WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through = 2.23.0...

CVE-2025-68042 WordPress Travelpayouts plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.2...

CVE-2025-68032 WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability

Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through = 3.19.0...

CVE-2025-68028 WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...

CVE-2025-68042 WordPress Travelpayouts plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through = 1.2.1...

CVE-2025-68028 WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...