ReportizFlow
Filtered by vendor
Subscriptions
Total
5051 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4703 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-04-08 | 4.3 Medium |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data. | ||||
| CVE-2021-4364 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2026-04-08 | 4.3 Medium |
| The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls. | ||||
| CVE-2021-4361 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2026-04-08 | 8.8 High |
| The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site. | ||||
| CVE-2021-4360 | 1 Wpruby | 1 Controlled Admin Access | 2026-04-08 | 9.9 Critical |
| The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access. | ||||
| CVE-2021-4352 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2026-04-08 | 5.3 Medium |
| The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin. | ||||
| CVE-2024-5331 | 1 Soflyy | 1 Breakdance | 2026-04-08 | 4.3 Medium |
| The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions. | ||||
| CVE-2024-10393 | 1 Themeum | 1 Tutor Lms | 2026-04-08 | 5.3 Medium |
| The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | ||||
| CVE-2024-1584 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2026-04-08 | 5.3 Medium |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID. | ||||
| CVE-2024-1370 | 2 Themegrill, Wordpress | 2 Maintenance Page, Wordpress | 2026-04-08 | 5.3 Medium |
| The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails. | ||||
| CVE-2024-0451 | 1 Quantumcloud | 1 Wpbot | 2026-04-08 | 5 Medium |
| The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account. | ||||
| CVE-2024-0324 | 1 Cozmoslabs | 1 Profile Builder | 2026-04-08 | 8.2 High |
| The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. | ||||
| CVE-2023-6968 | 1 Themoneytizer | 1 The Moneytizer | 2026-04-08 | 8.1 High |
| The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-4705 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2026-04-08 | 4.3 Medium |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. | ||||
| CVE-2021-4338 | 1 Duckdev | 1 404 To 301 | 2026-04-08 | 6.4 Medium |
| The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections. | ||||
| CVE-2020-36700 | 1 King-theme | 1 Page Builder Kingcomposer | 2026-04-08 | 8.8 High |
| The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content. | ||||
| CVE-2020-36699 | 1 Quick Page\/post Redirect Project | 1 Quick Page\/post Redirect | 2026-04-08 | 4.3 Medium |
| The Quick Page/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website. | ||||
| CVE-2024-13693 | 1 Kriesi | 1 Enfold | 2026-04-08 | 5.3 Medium |
| The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set. | ||||
| CVE-2024-12370 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-08 | 5.3 Medium |
| The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices. | ||||
| CVE-2024-8269 | 2 Fluxbuilder, Inspireui | 2 Mstore Api, Mstore Api | 2026-04-08 | 7.3 High |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the register() function. This makes it possible for unauthenticated attackers to create user accounts on sites, even when user registration is disabled and plugin functionality is not activated. | ||||
| CVE-2024-13229 | 1 Rankmath | 1 Seo | 2026-04-08 | 4.3 Medium |
| The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post. | ||||