Filtered by CWE-639
Filtered by vendor Subscriptions
Total 1604 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-58597 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.6.
CVE-2025-58012 1 Wordpress 1 Wordpress 2026-04-23 3.8 Low
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask content-mask allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Mask: from n/a through <= 1.8.5.3.
CVE-2025-57994 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcoming Events Lists: from n/a through <= 1.4.0.
CVE-2025-57886 1 Wordpress 1 Wordpress 2026-04-23 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Equalize Digital Accessibility Checker by Equalize Digital accessibility-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Checker by Equalize Digital: from n/a through <= 1.30.0.
CVE-2025-54691 2 Stylemix, Wordpress 2 Motors, Wordpress 2026-04-23 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motors: from n/a through <= 1.4.80.
CVE-2025-53208 1 Wordpress 1 Wordpress 2026-04-23 7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maya Business: from n/a through <= 1.2.0.
CVE-2025-49995 2026-04-23 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.3.1.
CVE-2025-49978 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch wp-jobsearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through < 3.0.6.
CVE-2025-39434 1 Wordpress 1 Wordpress 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avatar: from n/a through <= 0.1.4.
CVE-2025-31867 2 Joomsky, Wordpress 2 Js Job Manager, Wordpress 2026-04-23 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-31833 1 Wordpress 1 Wordpress 2026-04-23 4.9 Medium
Authorization Bypass Through User-Controlled Key vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
CVE-2025-30777 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in DevItems Support Genix support-genix-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Support Genix: from n/a through <= 1.4.11.
CVE-2025-28874 1 Shanebp 1 Bp Email Assign Templates 2026-04-23 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Email Assign Templates: from n/a through <= 1.7.
CVE-2025-26977 1 Ninjateam 1 Filebird 2026-04-23 3.8 Low
Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through <= 6.4.2.1.
CVE-2025-22695 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support nirweb-support.This issue affects Nirweb support: from n/a through <= 3.0.3.
CVE-2024-50483 2 Meetup, Tareqhasan 2 Meetup, Meetup 2026-04-23 9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1.
CVE-2024-47316 1 Salonbookingsystem 1 Salon Booking System 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue affects Salon booking system: from n/a through <= 10.9.
CVE-2024-43266 1 Wpjobportal 1 Wp Job Portal 2026-04-23 5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal.This issue affects WP Job Portal: from n/a through <= 2.1.8.
CVE-2024-43239 1 Masteriyo 1 Masteriyo 2026-04-23 4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.
CVE-2026-40896 2 Openproject, Opf 2 Openproject, Openproject 2026-04-23 6.5 Medium
OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with `manage_agendas` permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target project, meeting, or victim is required; the attacker can blindly spray items into every meeting on the instance by iterating sequential section IDs. Version 17.3.0 patches the issue.