11574 matches found
CVE-2026-57797
CVE-2026-57797 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress EduMall theme (ThemeMove EduMall) up to version 4.5.1. The NVD/CVE records and Patchstack entry indicate that access control levels were incorrectly configured, allowing unauthorized access to ...
CVE-2026-57779
The CVE covers a Missing Authorization (Broken Access Control) issue in the WordPress Fascinate theme, versions up to and including 1.1.5. The public description states exploitation arises from Incorrectly Configured Access Control Security Levels, affecting Fascinate via the theme and is categor...
CVE-2026-57776
CVE-2026-57776 affects the WordPress VW Wedding theme (vw-wedding) up to version 1.3.7. The issue is described as a Missing Authorization / Broken Access Control vulnerability resulting from incorrectly configured access control levels, allowing exploitation under the described scenario (per CVE ...
CVE-2026-57778
CVE-2026-57778 affects the WordPress plugin Booking calendar, Appointment Booking System, specifically versions up to and including 3.2.36. The issue is described as Missing Authorization / Broken Access Control, arising from incorrectly configured access control security levels in the booking-ca...
CVE-2026-61985
CVE-2026-61985 affects the WordPress Car Rental Manager plugin (
CVE-2026-61968
CVE-2026-61968 affects the WordPress myCred plugin up to version 3.1.2. The root cause is a Missing Authorization/Broken Access Control due to incorrectly configured access control security levels, allowing unintended access. The CVE indicates a MEDIUM-severity issue (CVSS 3.1: 5.4) with network ...
CVE-2026-59523
CVE-2026-59523 affects the WordPress plugin Simply Schedule Appointments (
CVE-2026-57779 WordPress Fascinate theme <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through = 1.1.5...
CVE-2026-57781 WordPress MeetingHub plugin <= 1.25.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through = 1.25.10...
CVE-2026-57797 WordPress EduMall theme <= 4.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through = 4.5.1...
CVE-2026-61968 WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...
CVE-2026-57812 WordPress Simply Schedule Appointments plugin <= 1.6.12.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...
CVE-2026-59523 WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...
CVE-2026-57776 WordPress VW Wedding theme <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through = 1.3.7...
CVE-2026-57778 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.36 - Broken Access Control vulnerability
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through = 3.2.36...
CVE-2026-57782 WordPress Universal Clocks plugin <= 1.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Clocks: from n/a through = 1.2.0...
CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...
CVE-2026-57395
CVE-2026-57395 affects the WordPress Tourfic plugin (versions
CVE-2026-57729
The CVE-2026-57729 entry details a Missing Authorization (Broken Access Control) flaw in the UX-themes Flatsome WordPress theme for versions up to and including 3.20.5. The underlying issue is an improperly configured access control that can expose data with no privileges required (attack vector:...
CVE-2026-57419
CVE-2026-57419 concerns the WordPress plugin Stock Locations for WooCommerce (versions up to and including 3.1.8). The vulnerability is described as a Missing Authorization / Broken Access Control issue, arising from incorrectly configured access control security levels. The CVE notes that this a...