Export limit exceeded: 10592 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10592 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1883 | 2 Wickedplugins, Wordpress | 2 Wicked Folders – Folder Organizer For Pages, Posts, And Custom Post Types, Wordpress | 2026-04-08 | 4.3 Medium |
| The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary folders created by other users. | ||||
| CVE-2025-12030 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 4.3 Medium |
| The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that the current user has the edit_posts capability without checking object-specific permissions (e.g., edit_post($id), edit_user($id), manage_options). This makes it possible for authenticated attackers, with Contributor-level access and above, to modify ACF fields on posts they do not own, any user account, comments, taxonomy terms, and even the global options page via the /wp-json/acf/v3/{type}/{id} endpoints, granted they can authenticate to the site. | ||||
| CVE-2024-13694 | 1 Moreconvert | 1 Woocommerce Wishlist | 2026-04-08 | 7.5 High |
| The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to. | ||||
| CVE-2025-3292 | 1 Wpeverest | 1 User Registration \& Membership | 2026-04-08 | 4.3 Medium |
| The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email. | ||||
| CVE-2024-13558 | 1 Neahplugins | 1 Np Quote Request For Woocommerce | 2026-04-08 | 7.5 High |
| The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. | ||||
| CVE-2023-7286 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 6.5 Medium |
| The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above. | ||||
| CVE-2025-3810 | 1 Iqonic | 1 Wpbookit | 2026-04-08 | 9.8 Critical |
| The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account. | ||||
| CVE-2024-10695 | 1 Futuriowp | 1 Futurio Extra | 2026-04-08 | 4.3 Medium |
| The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. | ||||
| CVE-2025-5482 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-08 | 8.8 High |
| The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account. | ||||
| CVE-2024-12827 | 2026-04-08 | 9.8 Critical | ||
| The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | ||||
| CVE-2025-3874 | 1 Tipsandtricks-hq | 1 Wordpress Simple Paypal Shopping Cart | 2026-04-08 | 6.5 Medium |
| The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes. | ||||
| CVE-2025-11176 | 1 Wordpress | 1 Wordpress | 2026-04-08 | 4.3 Medium |
| The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX actions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to change or remove featured images of other user's posts. | ||||
| CVE-2025-2253 | 2026-04-08 | 9.8 Critical | ||
| The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user's passwords, including administrators if the users email is known. | ||||
| CVE-2024-11350 | 2 Scriptsbundle, Wordpress | 2 Adforest, Wordpress | 2026-04-08 | 9.8 Critical |
| The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | ||||
| CVE-2026-1375 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-08 | 8.1 High |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `course_list_bulk_action()`, `bulk_delete_course()`, and `update_course_status()` functions. This makes it possible for authenticated attackers, with Tutor Instructor-level access and above, to modify or delete arbitrary courses they do not own by manipulating course IDs in bulk action requests. | ||||
| CVE-2025-12353 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2026-04-08 | 5.3 Medium |
| The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled. | ||||
| CVE-2024-8794 | 2 Ba-booking, Booking Algorithms | 2 Ba Book Everything, Ba Book Everything | 2026-04-08 | 5.3 Medium |
| The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user's passwords, including administrators. It's important to note that the attacker will not have access to the generated password, therefore, privilege escalation is not possible. | ||||
| CVE-2024-10798 | 2 Wordpress, Wproyal | 2 Wordpress, Royal Elementor Addons And Templates | 2026-04-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to. | ||||
| CVE-2024-9305 | 1 Apppresser | 1 Apppresser | 2026-04-08 | 8.1 High |
| The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator. | ||||
| CVE-2026-3124 | 2 Wordpress, Wpchill | 2 Wordpress, Download Monitor | 2026-04-08 | 7.5 High |
| The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary pending orders by exploiting a mismatch between the PayPal transaction token and the local order, allowing theft of paid digital goods by paying a minimal amount for a low-cost item and using that payment token to finalize a high-value order. | ||||