Medium
CVE-2025-66089
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product…
Tag: Security Misconfiguration
All CVEs associated with "Security Misconfiguration". Page 13/50 • 5958 CVEs.
Subscribe CVEs: RSS for “Security Misconfiguration” · RSS (High+Critical only)
About “Security Misconfiguration”
A curated feed of “Security Misconfiguration”-related CVEs appears below. We currently track 5958 CVEs for this tag (all time). In the last 365 days, 2192 were published. Average CVSS is 5.9 (all time; 5.8 over 365d), and 26% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-284 - Improper Access Control, CWE-266 - Incorrect Privilege Assignment.
In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-11-21
Medium
CVE-2025-66087
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a throug…
Medium
CVE-2025-66086
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order N…
Medium
CVE-2025-66085
Missing Authorization vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix Shortcod…
Medium
CVE-2025-66084
Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity fluent-community allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentCommunity: fro…
Medium
CVE-2025-66083
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through…
Medium
CVE-2025-66082
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through…
Medium
CVE-2025-66079
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a t…
Medium
CVE-2025-66077
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.6.
Medium
CVE-2025-66075
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.Th…
Medium
CVE-2025-66072
Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through <= 1.2.47.
Medium
CVE-2025-66071
Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels…
Medium
CVE-2025-66069
Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for Woo…
Medium
CVE-2025-66065
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.
Medium
CVE-2025-66063
Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP G…
Medium
CVE-2025-66060
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
Medium
CVE-2025-13149
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
2025-11-20
High
CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
Medium
CVE-2025-52670
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts
Medium
CVE-2025-13468
A weakness has been identified in SourceCodester Alumni Management System 1.0. This issue affects the function delete_forum/delete_career/delete_comment/delete_gallery/delete_event of the file admin/…
Medium
CVE-2025-13443
A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results…
2025-11-18
High
CVE-2025-37155
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerabilit…
High
CVE-2025-12955
The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking p…
Medium
CVE-2025-12481
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized…
Medium
CVE-2025-11734
The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up…
Medium
CVE-2025-12372
The Permalinks Cascade plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.2. This is due to the plugin not properly verifying that a user is authorize…
2025-11-16
Medium
CVE-2025-13250
A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in impro…
2025-11-15
Medium
CVE-2025-12847
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization…
2025-11-14
Medium
CVE-2023-7328
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, includ…
2025-11-13
Medium
CVE-2025-46362
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vul…
Low
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATIS…
Medium
CVE-2025-64384
Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a th…
Medium
CVE-2025-64382
Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Level…
Medium
CVE-2025-64379
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooC…
Medium
CVE-2025-64370
Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through <= 6.5.38.
Medium
CVE-2025-64369
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Emai…
Medium
CVE-2025-64277
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.
Medium
CVE-2025-64276
Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5…
Medium
CVE-2025-64274
Missing Authorization vulnerability in wpkoithemes WPKoi Templates for Elementor wpkoi-templates-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec…
Medium
CVE-2025-64269
Missing Authorization vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wo…
Medium
CVE-2025-64265
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File…
Medium
CVE-2025-64263
Missing Authorization vulnerability in PluginEver WP Content Pilot wp-content-pilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Content Pilot: from n…
Medium
CVE-2025-64261
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…
Medium
CVE-2025-64259
Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: fr…
2025-11-12
Critical
CVE-2025-46608
Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leadin…
High
CVE-2025-13063
A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit…
Medium
CVE-2025-64407
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without…
High
CVE-2025-64405
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without…
High
CVE-2025-64404
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be…
High
CVE-2025-64403
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a…
Medium
CVE-2025-64402
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without…
High
CVE-2025-64401
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without…
Medium
CVE-2025-12732
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting() fu…
2025-11-11
High
CVE-2025-60705
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
High
CVE-2025-59512
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
Medium
CVE-2025-47179
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
High
CVE-2025-30398
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
Low
CVE-2025-32037
Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Network adversary with a privileged user combined with a high…
Medium
CVE-2025-24516
Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a…
Low
CVE-2025-24314
Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a…
Medium
CVE-2025-22391
Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combin…
Medium
CVE-2025-42882
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restric…
2025-11-10
Critical
CVE-2025-12480
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.
Medium
CVE-2025-64687
In JetBrains YouTrack before 2025.3.104432 improper access control allowed modify MCP tool logic
High
CVE-2025-12925
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/fore…
Medium
CVE-2025-12924
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/Ban…
2025-11-06
Medium
CVE-2025-12808
Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue…
Medium
CVE-2025-62914
Missing Authorization vulnerability in anibalwainstein Effect Maker effect-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Effect Maker: from n/a thro…
Medium
CVE-2025-62049
Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through <= 3.5.32.
Medium
CVE-2025-62046
Missing Authorization vulnerability in CodexThemes TheGem Demo Import (for WPBakery) thegem-importer.This issue affects TheGem Demo Import (for WPBakery): from n/a through <= 5.10.5.
Medium
CVE-2025-62037
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
Medium
CVE-2025-62033
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
Medium
CVE-2025-62028
Missing Authorization vulnerability in ThemeNectar Salient salient.This issue affects Salient: from n/a through < 17.4.0.
Medium
CVE-2025-62018
Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0.
Medium
CVE-2025-62017
Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0.
Medium
CVE-2025-60247
Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.…
Medium
CVE-2025-5803
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.
Medium
CVE-2025-58986
Missing Authorization vulnerability in ganddser Jock On Air Now (JOAN) joan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jock On Air Now (JOAN): from n/a…
High
CVE-2025-58629
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0…
Medium
CVE-2025-58243
Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0.
High
CVE-2025-58207
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This is…
High
CVE-2025-54711
Missing Authorization vulnerability in bPlugins Info Cards info-cards allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Info Cards: from n/a through <= 1.0.11.
Medium
CVE-2025-53246
Missing Authorization vulnerability in Gaurav Aggarwal Backup and Move backup-and-move allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup and Move: from…
Medium
CVE-2025-53214
Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This is…
High
CVE-2025-49394
Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.Th…
Medium
CVE-2025-39465
Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google M…
2025-11-05
Medium
CVE-2025-58337
An attacker with a valid read-only account can bypass Doris MCP Server’s read-only mode due to improper access control, allowing modifications that should have been prevented by read-only restriction…
Medium
CVE-2025-12469
The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. T…
Medium
CVE-2025-10873
The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_a…
2025-11-04
Medium
CVE-2025-11758
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin e…
High
CVE-2025-11724
The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validati…
2025-11-03
Medium
CVE-2025-63293
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view o…
Medium
CVE-2025-36093
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to impro…
Medium
CVE-2025-64294
Missing Authorization vulnerability in d3wp WP Snow Effect wp-snow-effect allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Snow Effect: from n/a through <= 1.1.19.
2025-11-01
Medium
CVE-2025-12180
The Qi Blocks plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.3. This is due to the plugin storing arbitrary CSS styles submitted via the `qi-blo…
Medium
CVE-2025-12367
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.3.1. This is due to the plugin not properly verifying that a user is autho…
2025-10-31
Medium
CVE-2025-64358
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…
Medium
CVE-2025-64356
Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Insert PHP Co…
Low
CVE-2025-64352
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issu…
Low
CVE-2025-64350
Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rank Math SEO: from n/a…
2025-10-30
High
CVE-2024-14009
Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capabilit…
Critical
CVE-2024-13994
Nagios XI versions prior to 2024R1.1.2 contain a missing authorization control when the 'Allow Insecure Logins' option is enabled. Under this configuration, any user can create valid login credential…
High
CVE-2023-7317
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface with…
High
CVE-2025-61120
AG Life Logger Android App version v1.0.2.72 and before (package name com.donki.healthy), developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic m…
High
CVE-2025-61119
Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and…
High
CVE-2025-61114
2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism.…
Medium
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
High
CVE-2025-61118
mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily reg…
High
CVE-2025-61117
Senza: Keto & Fasting Android App version 2.10.15 (package name com.gl.senza), developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user dat…
High
CVE-2025-61116
AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mec…
High
CVE-2025-61115
ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its…
High
CVE-2025-61113
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information (such as device…
High
CVE-2025-9954
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.
2025-10-29
Medium
CVE-2025-64285
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security L…
Medium
CVE-2025-64234
Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…
Medium
CVE-2025-64229
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client I…
Medium
CVE-2025-64219
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business…
Medium
CVE-2025-64212
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This i…
Medium
CVE-2025-64211
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ma…
Medium
CVE-2025-64210
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…