CWE-639 CVEs and Security Vulnerabilities

Filtered by CWE-639

Search

Switch to Advanced Search (Beta)

Total 1329 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68975	1 Wordpress	1 Wordpress	2026-01-20	8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2025-68502	1 Wordpress	1 Wordpress	2026-01-20	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1.
CVE-2025-68071	2 G5theme, Wordpress	2 Essential Real Estate, Wordpress	2026-01-20	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.2.
CVE-2025-68044	2 Rustaurius, Wordpress	2 Five Star Restaurant Reservations, Wordpress	2026-01-20	8.6 High
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through 2.7.8.
CVE-2025-67985	1 Wordpress	1 Wordpress	2026-01-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Document Library Lite: from n/a through <= 1.1.7.
CVE-2025-67919	2 Wofficeio, Wordpress	2 Woffice Core, Wordpress	2026-01-20	8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.
CVE-2025-67909	2 Wordpress, Wpswings	2 Wordpress, Membership For Woocommerce	2026-01-20	8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Membership For WooCommerce: from n/a through <= 3.0.3.
CVE-2025-67594	3 Elementor, Thimpress, Wordpress	3 Elementor, Thim Elementor Kit, Wordpress	2026-01-20	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3.
CVE-2025-66132	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAPI Member: from n/a through <= 2.2.26.
CVE-2025-64283	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.
CVE-2025-64282	1 Wordpress	1 Wordpress	2026-01-20	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through 2.2.1.
CVE-2025-63053	2 Jeweltheme, Wordpress	2 Master Addons For Elementor, Wordpress	2026-01-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4.
CVE-2025-63043	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-01-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19.
CVE-2025-58627	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous Core Plugin: from n/a through < 2.0.9.
CVE-2025-49952	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-01-20	6.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Houzez: from n/a through <= 4.1.1.
CVE-2025-49352	3 Woocommerce, Wordpress, Yoohw Studio	3 Woocommerce, Wordpress, Order Cancellation & Returns For Woocommerce	2026-01-20	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10.
CVE-2025-49334	1 Wordpress	1 Wordpress	2026-01-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from n/a through 1.3.7.
CVE-2025-10019	2 Codepeople, Wordpress	2 Contact Form Email, Wordpress	2026-01-20	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60.
CVE-2025-15370	1 Wordpress	1 Wordpress	2026-01-16	4.3 Medium
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaGoogleAuthToggle class due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disable Google Authenticator for any user.
CVE-2025-1031	1 Utarit	1 Soliclub	2026-01-16	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.This issue affects SoliClub: from 5.2.4 before 5.3.7.

« first previous Page 10 of 67. next last »