21390 matches found
CVE-2025-68021
CVE-2025-68021 is a Missing Authorization / Broken Access Control vulnerability in the WordPress ConveyThis Translate plugin ( ConveyThis conveythis-translate ), affecting versions up to and including 269.6. The issue enables exploitation via access-control misconfigurations, with a CVSS v3.1 bas...
CVE-2025-68022
CVE-2025-68022 corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin BlueX for WooCommerce, affected versions up to 3.1.6. Public sources (Patchstack, Red Hat, CVE records) describe an incorrectly configured access control security level that could b...
CVE-2025-68005
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through = 1.9.3...
CVE-2025-68021 WordPress ConveyThis plugin <= 269.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through = 269.9...
CVE-2025-68000 WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through = 2.0.15...
CVE-2025-68000
CVE-2025-68000 is a Missing Authorization (Broken Access Control) vulnerability in PickPlugins Testimonial Slider for WordPress, affecting version(s) up to 2.0.15. Public sources (NVD/Red Hat/CVE) confirm the issue and version range. PT-Security recommends upgrading to a version later than 2.0.15...
CVE-2025-67993
CVE-2025-67993 (Atarim Visual Collaboration) affects Atarim plugin for WordPress up to version 4.2.1, due to a Missing Authorization flaw that allows exploiting incorrectly configured access control levels. Red Hat and CVE sources confirm a broken access control vulnerability with patched status ...
CVE-2025-67994 WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through = 3.3...
CVE-2025-67993 WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.2.1...
CVE-2025-67993 WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.2.1...
CVE-2025-67994
CVE-2025-67994 is a confirmed Missing Authorization vulnerability in the WordPress plugin YayCurrency (YayCommerce YayCurrency) affecting YayCurrency versions up to and including 3.3, allowing unauthorized content deletion. Red Hat/NVD/NVD-derived and CVE databases reference the same issue; Wordf...
CVE-2025-67994 WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through = 3.3...
CVE-2025-67975 WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through = 3.0.3...
CVE-2025-67975 WordPress aDirectory plugin <= 3.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through = 3.0.3...
CVE-2025-67977 WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...
CVE-2025-67977
CVE-2025-67977 describes a Missing Authorization vulnerability in the WordPress plugin “HAPPY – Helpdesk Support Ticket System” (versions up to and including 1.0.8). According to Red Hat/NVD/CVE records, the flaw is a Broken Access Control via incorrectly configured access levels, enabling unauth...
CVE-2025-67977 WordPress HAPPY plugin <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...
CVE-2025-67975
CVE-2025-67975 is a Missing Authorization (Broken Access Control) vulnerability affecting the WordPress plugin aDirectory up to version 3.0.3. The issue stems from incorrectly configured access control security levels, enabling unauthorized access due to Missing Authorization and Broken Access Co...
CVE-2025-67974
CVE-2025-67974 is a Missing Authorization (Broken Access Control) vulnerability in WordPress plugin WP Legal Pages WPLegalPages, affecting versions up to 3.5.4. The issue arises from incorrectly configured access control security levels, enabling unauthorized access under certain conditions. Repo...
CVE-2025-67973
CVE-2025-67973 describes a Missing Authorization (Broken Access Control) issue in the WordPress plugin Sunshine Photo Cart, affecting Sunshine Photo Cart up to version 3.5.6.2. Public reports from Red Hat and NVD corroborate a misconfigured access control allowing unauthorized access within Sunsh...