21389 matches found
CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...
CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...
CVE-2025-68043
CVE-2025-68043 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin LottieFiles (versions <= 3.0.0). The NVD and nuclei/patch sources describe an insecure access control configuration that lets an attacker bypass authorization and access or modify restricted...
CVE-2025-68032
CVE-2025-68032 (WordPress Advanced WC Analytics
CVE-2025-68028
CVE-2025-68028 is a confirmed missing authorization/broken access control issue in the WordPress plugin GA4WP – Analytics Dashboard for the Website (ga-for-wp) up to version 2.10.0 . The Red Hat and CVE records, plus NVD entries, describe a vulnerability allowing exploitation due to misconfigured...
CVE-2025-68042
CVE-2025-68042 is a Missing Authorization vulnerability in the WordPress Travelpayouts plugin, affecting versions up to and including 1.2.2 (per NVD/Red Hat/CVE lists). The issue is described as broken access control allowing exploitation due to incorrectly configured access control security leve...
CVE-2025-68026
CVE-2025-68026 affects the WordPress LC Wizard (GHL Wizard/Connector Wizard) plugin, with affected versions listed as 2.1.1 and earlier. The vulnerability is described as a Missing Authorization issue that allows unauthenticated setting updates due to incorrectly configured access control. Public...
CVE-2025-68024 WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through = 2.0.15...
CVE-2025-68026 WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...
CVE-2025-68023
CVE-2025-68023 is a Missing Authorization vulnerability in the WordPress plugin Addonify – Compare Products For WooCommerce (versions up to 1.1.17). Public sources in the connected documents describe an unauthenticated setting update access, allowing an attacker to modify plugin settings due to i...
CVE-2025-68025 WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through = 1.2.17...
CVE-2025-68026 WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through = 2.1.1...
CVE-2025-68025
CVE-2025-68025 describes a Missing Authorization vulnerability in the WordPress plugin Addonify Floating Cart For WooCommerce (versions up to 1.2.17). The Red Hat/NVD entries and Patchstack/ PT Security details confirm a broken/badly configured access control that could allow unauthorized access....
CVE-2025-68021 WordPress ConveyThis plugin <= 269.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through = 269.9...
CVE-2025-68005
CVE-2025-68005 affects the WordPress plugin Easy Hotel Booking (the ThemeWant/Easy-Hotel integration). Description indicates a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels, potentially allowing unauthorized access. Public...
CVE-2025-68022 WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through = 3.1.6...
CVE-2025-68005 WordPress Easy Hotel Booking plugin <= 1.9.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through = 1.9.2...
CVE-2025-68005 WordPress Easy Hotel Booking plugin <= 1.9.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through = 1.9.2...
CVE-2025-68022 WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through = 3.1.6...
CVE-2025-68021
CVE-2025-68021 is a Missing Authorization / Broken Access Control vulnerability in the WordPress ConveyThis Translate plugin ( ConveyThis conveythis-translate ), affecting versions up to and including 269.6. The issue enables exploitation via access-control misconfigurations, with a CVSS v3.1 bas...