219127 matches found
WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Niv Kochan in WordPress Plugin Montonio for WooCommerce versions = 10.1.2...
CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...
CVE-2026-7198
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...
CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...
EUVD-2026-33919
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations...
CVE-2026-7198
Progress Sitefinity CMS is affected by CVE-2026-7198 due to CWE-284 Improper Access Control in web services. Versions affected: 15.4.8623 and earlier, with disclosure that 15.4.8630 addresses the issue (exact remediation not detailed in the provided documents). A remote unauthenticated attacker c...
CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...
EUVD-2026-33916
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...
CVE-2026-39552
CVE-2026-39552 affects the WordPress Blueprint theme prior to 1.1.5, which suffers from an Improper Control of Filename for Include/Require (PHP Local File Inclusion). The vulnerability arises from inadequate validation of included/required filenames, enabling an attacker to cause local file incl...
CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...
CVE-2026-42670
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
CVE-2026-42669
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...
CVE-2026-42670 WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
CVE-2026-42670
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
EUVD-2026-33908
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
CVE-2026-42670 WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14...
CVE-2026-42669
CVE-2026-42669 affects WordPress EventPrime plugin up to version 4.3.2.0, with a Missing Authorization/Broken Access Control vulnerability stemming from incorrectly configured access control security levels. CVSS v3.1 base score 7.5 (HIGH), impact to integrity is high while confidentiality/availa...
CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...
CVE-2026-42669
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...
EUVD-2026-33907
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...