1378 matches found
CVE-2023-41802
CVE-2023-41802 affects WordPress Plugin Super Socializer (Team Heateor) up to version 7.13.54. It is a Missing Authorization / Broken Access Control vulnerability enabling exploitation of improperly configured access control security levels. Public sources in Connected documents confirm affected ...
CVE-2023-41695
CVE-2023-41695 is a WordPress plugin issue in Analytify (
CVE-2023-41690
CVE-2023-41690: WordPress WiserNotify Social Proof plugin <= 2.5 suffers a Broken Access Control flaw that allows unauthenticated access due to missing authorization checks. The CVE is tracked for WiserNotify Social Proof (WordPress plugin). Connected sources confirm affected versions up to 2....
CVE-2023-41688
CVE-2023-41688 affects WordPress Bulk NoIndex & NoFollow Toolkit (Mad Fish Digital) up to version 1.5, due to Broken Access Control / Missing Authorization. Public sources list a CVSS v3.1 base score of 5.4 (Medium) with network attack vector and low privileges required. Patchstack notes the fix ...
CVE-2023-41686
CVE-2023-41686: WordPress Woocommerce Support System plugin (versions
CVE-2023-41683
CVE-2023-41683 (TelSender WordPress plugin): The vulnerability is a Missing Authorization flaw in TelSender that allows exploitation of an incorrectly configured access control security level. Affected: TelSender versions
CVE-2023-41664
CVE-2023-41664 corresponds to a Missing Authorization flaw in the WordPress plugin Easy Newsletter Signups (
CVE-2023-41133
CVE-2023-41133 is a WordPress plugin vulnerability in Secure Admin IP (versions
CVE-2023-41132
CVE-2023-41132 relates to the WordPress plugin Category Slider for WooCommerce (
CVE-2023-41130
CVE-2023-41130 concerns the WordPress plugin Premmerce User Roles (Premmerce) where a missing authorization check in role-management functions leads to a Broken Access Control vulnerability. Affected versions are
CVE-2023-40005
Technical details (affected product, vulnerable components, root cause, impact, and fix) are not provided in the supplied documents. Monitor for updates from official advisories and vendors for CVE-2023-40005.
CVE-2023-40003
CVE-2023-40003 is a Broken Access Control vulnerability in the WP Project Manager WordPress plugin (versions
CVE-2023-38514
CVE-2023-38514 concerns a Missing Authorization vulnerability in the WordPress plugin Social Share Icons & Social Share Buttons, affecting versions up to 3.5.7. Multiple connected sources describe a broken access-control/unauthorized action scenario, caused by a missing authorization check in th...
CVE-2023-35037
CVE-2023-35037 affects the WordPress Surfer plugin (surferseo): Broken access control in Surfer
CVE-2023-33324
CVE-2023-33324 is a Missing Authorization/Broken Access Control vulnerability in WordPress plugin Easy Captcha (versions up to 1.0). The issue arises from insufficient access checks, enabling unauthorized entities to perform restricted actions. The vulnerability affects Easy Captcha
CVE-2023-33215
CVE-2023-33215 affects the WordPress Taggbox widget/plugin, specifically versions
CVE-2023-37395
CVE-2023-37395 affects IBM Aspera Faspex 5.0.0–5.0.7, where a local user could obtain sensitive information due to improper encryption of certain data. The Red Hat and other security sources corroborate an information disclosure vulnerability in Faspex 5.x, with the IBM bulletin explicitly listin...
CVE-2023-48277
CVE-2023-48277 affects the WordPress plugin Super Progressive Web Apps (up to version 2.2.21). The vulnerability is a Broken Access Control caused by missing authorization in the newsletter submission AJAX path, allowing unauthenticated users to subscribe to the plugin author’s newsletter. The ve...
CVE-2023-22701
CVE-2023-22701 affects WordPress Ebook Store plugin (≤ 5.775). The root cause is Missing Authorization / Broken Access Control allowing unauthenticated access to ebook_store_export_orders, potentially exposing order data. NVD CVSSv3.1 base score is 9.8 (CRITICAL); patch notes indicate fix in v5.7...
CVE-2023-25455
CVE-2023-25455 is a Missing Authorization vulnerability in the miniOrange WordPress Social Login and Register plugin (Discord, Google, Twitter, LinkedIn) affecting versions up to 7.6.0. The issue allows unauthenticated actors to perform Arbitrary Content Deletion due to incorrectly configured acc...