21429 matches found
CVE-2025-14982 Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...
CVE-2025-14982
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...
CVE-2025-14982
The CVE-2025-14982 entry concerns the WordPress Booking Calendar plugin (versions ≤ 10.14.11). The vulnerability is Missing Authorization that enables an authenticated attacker with Subscriber privileges or higher to view all booking records and PII (names, emails, phones, addresses, payment stat...
CVE-2025-64729 AVEVA Process Optimization Missing Authorization
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
CVE-2025-64729 AVEVA Process Optimization Missing Authorization
The vulnerability, if exploited, could allow an authenticated miscreant OS Standard User to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
PT-2026-3214
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...
SAP NetWeaver AS ABAP Missing Authorization Check (3688703)
The remote SAP NetWeaver ABAP server is affected by a authorization check vulnerability as referenced in the 3688703 advisory. - Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form...
WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) AI Access Token and Credit Disclosure vulnerability
WordPress All in One SEO - Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin = 4.9.2 - Missing Authorization to Authenticated Contributor+ AI Access Token and Credit Disclosure vulnerability discovered by NosleeP++ in WordPress Plugin All In One SEO Pack versions = 4.9.2...
CVE-2026-23494 Pimcore is Missing Function Level Authorization on "Static Routes" Listing
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined vi...
CVE-2026-23495 Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties are configurable metadata definitions e.g., name, key, typ...
CVE-2025-13859 AffiliateX 1.0.0 - 1.3.9.3 - Authenticated (Subscriber+) Missing Authorization to Stored Cross-Site Scripting via save_customization_settings
The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savecustomizationsettings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-12895 Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
CVE-2025-12895
CVE-2025-12895 concerns Kalium 3 (Creative WordPress & WooCommerce Theme) before version 3.29. The issue is an unauthorized email sending capability due to a missing authorization check in kalium_vc_contact_form_request(), allowing unauthenticated actors to use the site as an open mail relay to s...
CVE-2025-14173
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admininit. This makes it possible for unauthenticated...
CVE-2025-14173
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admininit. This makes it possible for unauthenticated...
CVE-2025-15475
CVE-2025-15475 affects the PayHere Payment Gateway Plugin for WooCommerce (WordPress). The issue arises from improper validation in the check_payhere_response function, allowing unauthenticated attackers to modify data and change the status of pending WooCommerce orders to paid/completed/on hold ...
EUVD-2026-2532
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admininit. This makes it possible for unauthenticated...
CVE-2025-14173 Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admininit. This makes it possible for unauthenticated...
CVE-2025-14173
CVE-2025-14173 concerns the Perfit WooCommerce plugin for WordPress. The vulnerability is due to missing authorization on the logout function invoked through the actions hook on admin_init, affecting all versions up to and including 1.0.1. This enables unauthenticated attackers to delete arbitrar...
CVE-2025-15512
The CVE-2025-15512 entry describes a vulnerability in the WordPress Aplazo Payment Gateway plugin (versions up to and including 1.4.2) where a missing capability check in check_success_response() allows unauthenticated attackers to modify any WooCommerce order to the pending payment status. Multi...