590 matches found
ZimaOS - Authentication Bypass
ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...
CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-42654 WordPress Wallet System for WooCommerce plugin <= 2.7.5 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5...
CVE-2026-42654
CVE-2026-42654 affects the WordPress Wallet System for WooCommerce plugin (versions up to 2.7.5). The vulnerability is an authentication bypass via an alternate path or channel that enables password recovery exploitation. This is described as a broken authentication vulnerability and specifically...
WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by hhhai in WordPress Plugin WP Full Stripe Free versions = 8.4.1...
WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by dodoh4t in WordPress Plugin Disable Comments for Any Post Types Remove comments versions = 1.3.0...
WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by she11f in WordPress Plugin Smart Online Order for Clover versions = 1.6.0...
WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by 0xzenko in WordPress Plugin CloudSecure WP Security versions = 1.4.7...
WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability
WordPress Masteriyo - LMS plugin = 2.1.8 - Broken Authentication vulnerability discovered by HieuPenguin in WordPress Plugin Masteriyo - LMS versions = 2.1.8...
CVE-2026-42749
CVE-2026-42749 concerns a vulnerability in the WordPress plugin “Disable Comments for Any Post Types (Remove comments)” by Themeisle. Connected documents specify a Broken Authentication issue that enables an authentication bypass via an alternate path/channel, with potential for “Password Recover...
CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42735 WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
CVE-2026-42735
The CVE concerns the WordPress KiviCare plugin by Iqonic Design (affected: KiviCare kivicare-clinic-management-system, plugin version
CVE-2026-42732 WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...
CVE-2026-42735 WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
CVE-2026-42732 WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through = 3.0.2...
CVE-2026-42732
CVE-2026-42732 affects the WordPress plugin Ads by WPQuads (quick-adsense-reloaded) up to version 3.0.2. The issue is described as Improper Validation of Specified Quantity in Input, allowing Input Data Manipulation. The CVE notes a Medium severity (CVSS 3.1: 6.5) with network attack vector, no u...
WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by kai63001 in WordPress Plugin KiviCare versions = 4.3.0...
Atlassian Confluence 9.1.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103709)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103709 advisory. - This BASM Broken Authentication & Session Management vulnerability allows an unauthenticated attacker to perform actions as another user which ha...
CVE-2026-45217 WordPress Stripe Payment Gateway for WooCommerce plugin <= 5.0.7 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Gateway for WooCommerce: from n/a through 5.0.7...