| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contentstudio: from n/a through <= 1.3.7. |
| Missing Authorization vulnerability in App Cheap App Builder app-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Builder: from n/a through <= 5.5.6. |
| Missing Authorization vulnerability in Renzo Johnson Contact Form 7 AWeber Extension integrate-contact-form-7-and-aweber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 AWeber Extension: from n/a through <= 0.1.40. |
| Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP Business Solution: from n/a through <= 1.13. |
| Missing Authorization vulnerability in thanhtungtnt Video List Manager video-list-manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Video List Manager: from n/a through <= 1.7. |
| Missing Authorization vulnerability in mahabub81 User Roles and Capabilities user-roles-and-capabilities allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Roles and Capabilities: from n/a through <= 1.2.6. |
| Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through <= 1.0.6. |
| Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through <= 4.0.1. |
| Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.12. |
| Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress upstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through <= 2.1.1. |
| Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes image-sizes-controller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through <= 1.0.10. |
| Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Responsive Menu: from n/a through <= 1.2. |
| Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/a through <= 1.0.6. |
| Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from n/a through <= 1.2.17.2. |
| Missing Authorization vulnerability in Breeze Team Breeze Checkout breeze-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze Checkout: from n/a through <= 1.4.0. |
| Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.3.0. |
| WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access token, container ID, and Instagram account ID, and passes them directly to the Graph API via InstagramUploader::publishMediaIfIsReady(). This allows any unauthenticated user to make arbitrary Graph API calls through the server, potentially using stolen tokens or abusing the platform's own credentials. |
| Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2. |
| Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through <= 2.10. |
| Missing Authorization vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MultiVendorX: from n/a through <= 4.2.23. |
