Lucene search
K

21413 matches found

RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.6 views

CVE-2025-22715

Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: fro...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.2 views

CVE-2026-0676

Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through = 1.5.7...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.3 views

CVE-2026-22517

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...

5.4CVSS5.9AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.4 views

CVE-2026-22522

Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through = 2.2.3...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.4 views

CVE-2026-22490

Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through = 2.4.9...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.4 views

CVE-2026-22492

Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through = 24.07.04...

4.3CVSS5.9AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.7 views

CVE-2026-22487

Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through = 2.0.2...

4.3CVSS5.9AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:40 a.m.3 views

CVE-2026-22486

Missing Authorization vulnerability in Re Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through 1.18.9...

5.3CVSS5.1AI score0.00269EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/09 8:29 p.m.247 views

Exploit for Missing Authorization in Givewp

CVE-2025-2025-52691-SmarterMail-Exp Environment Setup S...

7.5CVSS7.2AI score0.00583EPSS
Exploits1
OSV
OSV
added 2026/01/09 4:16 p.m.2 views

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

5.3CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/01/09 4:16 p.m.6 views

CVE-2026-0817

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

5.3CVSS0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/09 3:50 p.m.4 views

CVE-2026-0817 CampaignEvents API missing authorization exposes meeting and chat URLs

Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39...

6.7AI score0.0025EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:36 p.m.6 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

8.8CVSS6.8AI score0.0205EPSS
Exploits1References1
NVD
NVD
added 2026/01/09 12:15 p.m.12 views

CVE-2025-14172

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5CVSS0.00376EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:19 a.m.10 views

CVE-2021-22513

Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks...

6.5CVSS6.7AI score0.01183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 11:15 a.m.6 views

CVE-2025-14172 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5CVSS5.2AI score0.00376EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/09 11:15 a.m.33 views

CVE-2025-14172 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5CVSS0.00376EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/09 11:15 a.m.25 views

CVE-2025-13717 Contact Form vCard Generator <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter

The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wpgvccfcheckdownloadrequest' function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive...

5.3CVSS0.00321EPSS
Exploits0References5
CVE
CVE
added 2026/01/09 11:15 a.m.23 views

CVE-2025-14172

The CVE-2025-14172 entry concerns the WP Page Permalink Extension WordPress plugin (affected versions up to and including 1.5.4). The vulnerability is a Missing Authorization issue in the cwpp_trigger_flush_rewrite_rules function tied to the wp_ajax_cwpp_trigger_flush_rewrite_rules AJAX action, e...

6.5CVSS5.2AI score0.00376EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/09 10:4 a.m.1 views

CVE-2025-13772 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

7.1CVSS6.3AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder