CVE-2026-28135

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through = 1.7.1049...

CVE-2024-39625

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24...

EUVD-2024-52403

Malicious code in bioql PyPI...

CVE-2025-49406

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1...

CVE-2025-47558

Missing Authorization vulnerability in RomanCode MapSVG mapsvg allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MapSVG: from n/a through 8.6.13...

CVE-2024-53708

Missing Authorization vulnerability in kekotron AI Quiz ai-quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through = 1.1...

CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through = 2.3.7...

CVE-2025-47457 WordPress LocateAndFilter plugin <= 1.6.16 - Broken Access Control Vulnerability

Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LocateAndFilter: from n/a through = 1.6.16...

CVE-2025-39513

Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND activedemand allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ActiveDEMAND: from n/a through = 0.2.46...

CVE-2025-26958

Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetBlog: from n/a through = 2.4.3...

CVE-2025-26958

CVE-2025-26958 affects the WordPress Crocoblock JetBlog (JetBlog for Elementor) up to version 2.4.3. The issue is a Missing Authorization vulnerability that permits accessing functionality not properly constrained by ACLs. Reported across multiple sources (including Patchstack and CVE registries)...

CVE-2025-26944 WordPress JetPopup plugin <= 2.0.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Crocoblock JetPopup jet-popup allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetPopup: from n/a through = 2.0.11...

CVE-2025-26942

CVE-2025-26942 (JetTricks plugin) : Affected Product/Version: Crocoblock JetTricks plugin up to and including 1.5.1. Root cause: Missing/relaxed authorization enabling Accessing Functionality Not Properly Constrained by ACLs. Impact: Missing Authorization vulnerability could allow unauthorized ac...

CVE-2025-31012

CVE-2025-31012 describes a Missing Authorization vulnerability in the WordPress plugin “Age Gate,” affecting versions up to 3.5.4. The root cause is missing authorization checks, allowing access to functionality unconstrained by ACLs. The Wordfence vulnerability entry confirms this issue and note...

CVE-2025-30821 WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through = 0.4.14...

CVE-2025-28872

Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded block-spam-by-math-reloaded allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Block Spam By Math Reloaded: from n/a through = 2.2.4...

CVE-2024-56225

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through = 4.10.56...

CVE-2024-54417 WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through = 2.0.1...

CVE-2024-43323

Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28...

CVE-2024-43341

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5...