CVE-2026-56237

Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...

ZimaOS - Authentication Bypass

ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...

EUVD-2026-37640

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

EUVD-2026-37614

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

EUVD-2026-37609

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

EUVD-2026-37666

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

CVE-2026-54802

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

CVE-2026-49767

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

CVE-2026-42629

Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...

CVE-2026-25439

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

CVE-2026-54804 WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...

CVE-2026-54804

WordPress Melhor Envio plugin ≤ 2.16.3 has a Broken Authentication vulnerability (CVE-2026-54804). CVSS v3.1: Network, Privileges Required Low, User Interaction None, Confidentiality/Integrity Low, Availability High; base score 7.6 (High). Affected: Melhor Envio WordPress plugin versions up to an...

CVE-2026-54802

CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions

CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...

CVE-2026-49767

CVE-2026-49767 concerns the WordPress WordPress wpForo Forum plugin (≤ 3.1.0) with an Unauthenticated Broken Authentication vulnerability. Affected software is the wpForo Forum plugin; root cause is broken authentication in versions ≤ 3.1.0. Impact is high (CVSS v3.1 base score 9.8, CRITICAL) wit...

CVE-2026-49071

The entry affects the WordPress WooCommerce Dropshipping plugin (versions