674 matches found
ZimaOS - Authentication Bypass
ZimaOS = 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames. id: CVE-2026-21891 info: name: ZimaO...
EUVD-2026-37638
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
EUVD-2026-37640
Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...
EUVD-2026-37614
Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...
EUVD-2026-37609
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
EUVD-2026-37666
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
CVE-2026-54817 WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...
CVE-2026-54802
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-49767
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49071
Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...
CVE-2026-42629
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
CVE-2026-25439
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
CVE-2026-54804
WordPress Melhor Envio plugin ≤ 2.16.3 has a Broken Authentication vulnerability (CVE-2026-54804). CVSS v3.1: Network, Privileges Required Low, User Interaction None, Confidentiality/Integrity Low, Availability High; base score 7.6 (High). Affected: Melhor Envio WordPress plugin versions up to an...
CVE-2026-54804 WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in Melhor Envio = 2.16.3 versions...
CVE-2026-54802
CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions
CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-49767
CVE-2026-49767 concerns the WordPress WordPress wpForo Forum plugin (≤ 3.1.0) with an Unauthenticated Broken Authentication vulnerability. Affected software is the wpForo Forum plugin; root cause is broken authentication in versions ≤ 3.1.0. Impact is high (CVSS v3.1 base score 9.8, CRITICAL) wit...
CVE-2026-49767 WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in wpForo Forum = 3.1.0 versions...
CVE-2026-49071
The entry affects the WordPress WooCommerce Dropshipping plugin (versions
CVE-2026-42629
Vulnerability overview: WordPress PowerPack Pro for Elementor (plugin) with versions