CVE-2025-49403 is a HIGH severity vulnerability in Premium Age Verification / Restriction for WordPress plugin versions <= 3.0.2. It allows unauthenticated arbitrary file downloads. This vulnerability has significant implications for WordPress site administrators, as it could potentially allow attackers to access sensitive files, leading to further exploitation or data breaches. Affected users should prio [truncated]
A Missing Authorization vulnerability (CWE-862) in the AA-Team Woocommerce Envato Affiliates WordPress plugin allows authenticated attackers with low privileges to access functionality not properly constrained by access control lists. The vulnerability affects versions up to and including 1.2.1. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) indicates a network-attackable, low-complexity issue [truncated]