CVE-2026-57661

Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...

CVE-2026-57646

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

CVE-2026-57649

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

CVE-2026-57640

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

CVE-2026-57632

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...

CVE-2026-57622

Subscriber Broken Access Control in WPCafe = 3.0.14 versions...

CVE-2026-57316

Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...

CVE-2026-57318

Subscriber Sensitive Data Exposure in Site Reviews = 8.0.11 versions...

CVE-2026-57313

Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...

CVE-2026-56058

Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...

CVE-2026-56059

Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...

CVE-2026-56064

Subscriber SQL Injection in Tourfic = 2.22.5 versions...

CVE-2026-56046

Subscriber Cross Site Scripting XSS in ListingPro = 2.9.11 versions...

CVE-2026-56032

Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...

CVE-2026-56010

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...

CVE-2026-54826

Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...

CVE-2025-63078

Subscriber Broken Access Control in Restaurant Menu by MotoPress = 2.4.11 versions...

CVE-2026-57661 WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...

CVE-2026-57661

The CVE concerns the WordPress WPComplete plugin (affected:

EUVD-2026-39666

Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...