CVE-2026-24590

The CVE-2026-24590 entry affects the WordPress plugin “Paid Videochat Turnkey Site” (versions up to and including 7.3.23). Root cause: Missing/incorrect authorization allows Broken Access Control. Impact, per the provided metrics, is low confidentiality impact and no integrity/availability impact...

CVE-2026-24590 WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat Turnkey Site allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Videochat Turnkey Site: from n/a through 7.3.23...

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...

WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ChuongVN in WordPress Plugin Paid Videochat Turnkey Site versions = 7.3.23...

CVE-2026-24638 WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...

CVE-2026-24638 WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webful Creations RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 4.1121...

CVE-2026-24638

CVE-2026-24638 concerns a missing authorization issue in the WordPress RepairBuddy plugin (

WordPress RepairBuddy plugin <= 4.1121 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin RepairBuddy versions = 4.1121...

CVE-2026-39655

CVE-2026-39655 applies to WordPress Mayosis Core plugin, affected through version 5.4.7. The issue is described as a Missing Authorization (Broken Access Control) vulnerability in TeconceTheme Mayosis Core, allowing exploitation due to incorrectly configured access control security levels. CVSS v...

CVE-2026-39655 WordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

CVE-2026-39655 WordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

WordPress Mayosis Core plugin <= 5.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Mayosis Core versions = 5.4.7...

WordPress Genemy theme <= 1.6.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Genemy versions = 1.6.6...

PT-2026-43398

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description Broken access control exists in the OSS file service URL fetch API endpoint "chat/api/oss/get url". The system uses the application id variable from the URL path without validating ownership, which...

CVE-2026-32389

The CVE affects WordPress NanoCare theme prior to version 1.2.2, where a Missing Authorization vulnerability enables Broken Access Control due to incorrectly configured access control security levels in NanoCare. Affected component is the NanoCare WordPress theme; root cause is improper authoriza...

CVE-2026-32389 WordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2...

CVE-2026-32389 WordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2...

WordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO in WordPress Theme NanoCare versions 1.2.2...

CVE-2026-42776

The CVE concerns WordPress Sunshine Photo Cart plugin

CVE-2026-42776 WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...