Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6400 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-30881 2 Themehunk, Wordpress 2 Big Store, Wordpress 2026-01-09 4.3 Medium
Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8.
CVE-2025-30990 1 Themehunk 1 Mega Menu 2026-01-09 4.3 Medium
Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1.
CVE-2025-14172 2 Infosatech, Wordpress 2 Wp Page Permalink Extension, Wordpress 2026-01-09 6.5 Medium
The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to `wp_ajax_cwpp_trigger_flush_rewrite_rules`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to flush the site's rewrite rules via the `action` parameter.
CVE-2022-40218 1 Themehunk 1 Advance Product Search 2026-01-09 6.5 Medium
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.
CVE-2024-37505 1 Rarathemes 1 Business One Page 2026-01-09 4.3 Medium
Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9.
CVE-2025-9637 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-01-09 6.5 Medium
The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload.
CVE-2025-13679 2 Themeum, Wordpress 2 Tutor Lms, Wordpress 2026-01-09 6.5 Medium
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate order IDs and exfiltrate sensitive data (PII), such as student name, email address, phone number, and billing address.
CVE-2026-0674 2 Campaign Monitor, Wordpress 2 For Wordpress, Wordpress 2026-01-09 N/A
Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.0.
CVE-2025-22715 2 Loopus, Wordpress 2 Wp Attractive Donations System, Wordpress 2026-01-09 8.1 High
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
CVE-2025-14360 1 Wordpress 1 Wordpress 2026-01-09 9.8 Critical
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.15.
CVE-2026-0676 1 Wordpress 1 Wordpress 2026-01-09 N/A
Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through <= 1.5.7.
CVE-2025-14358 1 Wordpress 1 Wordpress 2026-01-09 9.8 Critical
Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5.
CVE-2025-67926 1 Wordpress 1 Wordpress 2026-01-09 8.8 High
Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4.
CVE-2025-67913 2 Aruba, Wordpress 2 Aruba Hispeed Cache, Wordpress 2026-01-09 9.8 Critical
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.
CVE-2025-67917 1 Wordpress 1 Wordpress 2026-01-09 8.1 High
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
CVE-2026-22522 1 Wordpress 1 Wordpress 2026-01-09 6.5 Medium
Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through 2.2.3.
CVE-2026-22487 1 Wordpress 1 Wordpress 2026-01-09 4.3 Medium
Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2.
CVE-2026-22517 2 Passionate Brains, Wordpress 2 Ga4wp, Wordpress 2026-01-09 5.4 Medium
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.
CVE-2026-22488 1 Wordpress 1 Wordpress 2026-01-09 5.3 Medium
Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8.
CVE-2026-22486 2 Hakob, Wordpress 2 Re Gallery Responsive Photo Gallery Plugin, Wordpress 2026-01-09 5.3 Medium
Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18.