21406 matches found
CVE-2025-68016 WordPress onepay Payment Gateway For WooCommerce plugin <= 1.1.2 - Other Vulnerability Type vulnerability
Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through = 1.1.2...
CVE-2025-68013 WordPress Payment Gateway Authorize.Net CIM for WooCommerce plugin <= 2.1.2 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through = 2.1.2...
CVE-2025-68013
CVE-2025-68013 concerns the WordPress plugin Payment Gateway Authorize.Net CIM for WooCommerce (authnet-cim-for-woo). Red Hat and CVE records describe a Missing Authorization vulnerability due to incorrectly configured access control security levels, potentially allowing arbitrary content/content...
CVE-2025-68009 WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through = 1.0.3...
CVE-2025-68009
Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through = 1.0.3...
CVE-2025-68009
CVE-2025-68009 is a Missing Authorization vulnerability in the WordPress plugin Slider Templates (slider-templates), affecting versions up to and including 1.0.3. The issue allows access to functionality not properly constrained by ACLs. Public references in the connected documents confirm the vu...
CVE-2025-68007 WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through = 5.0.37.decaf...
CVE-2025-68007
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through = 5.0.37.decaf...
CVE-2025-68003
Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through = 1.2.10...
CVE-2025-68003 WordPress Shown Connector plugin <= 1.2.10 - Settings Change vulnerability
Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through = 1.2.10...
CVE-2025-68003
CVE-2025-68003 corresponds to a Missing Authorization vulnerability in the WordPress plugin Shown Connector (renatoatshown Shown Connector) . The Red Hat/NVD/PTSecurity entries and Patchstack report an authorization flaw caused by incorrectly configured access control levels, affecting the plugin...
CVE-2025-67967
CVE-2025-67967 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin e-plugins Lawyer Directory (lawyer-directory) affecting versions up through 1.3.3. Root cause: incorrectly configured access control security levels allowing unauthorized privilege escalation. Pu...
CVE-2025-67967 WordPress Lawyer Directory plugin <= 1.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through = 1.3.3...
CVE-2025-67967 WordPress Lawyer Directory plugin <= 1.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through = 1.3.3...
CVE-2025-67958 WordPress TaxCloud for WooCommerce plugin <= 8.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through = 8.3.8...
CVE-2025-67958
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through = 8.3.8...
CVE-2025-67956
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.6...
CVE-2025-67958 WordPress TaxCloud for WooCommerce plugin <= 8.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through = 8.3.8...
CVE-2025-67956 WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.6...
CVE-2025-67958
CVE-2025-67958 affects the TaxCloud for WooCommerce plugin (simple-sales-tax) for WordPress; a broken/misconfigured access control enables missing authorization via vulnerable versions up to and including 8.3.8. Impact details in sources indicate broken access control rather than remote code exec...