219078 matches found
CVE-2026-40782
CVE-2026-40782 : Unauthenticated Broken Access Control in WordPress WPAdverts plugin (versions
CVE-2026-40776
CVE-2026-40776 affects the WP Event Solution (Eventin) plugin up to version 4.1.8, where unauthenticated requests can trigger Broken Access Control. The root cause involves three permission checks that accept a wp_rest nonce as authentication, plus an IDOR-prone Order endpoint and an open seat-bo...
CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...
CVE-2026-40775 WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...
CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...
CVE-2026-40775
WordPress plugin Royal MCP (for the WordPress ecosystem) is affected up to version 1.4.2. The CVE describes an Unauthenticated Broken Access Control vulnerability, i.e., an attacker without credentials can access restricted functionality. The CVSS metrics (CVSS:3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:...
CVE-2026-40774
CVE-2026-40774 concerns the WordPress Booking Package plugin (versions
CVE-2026-40773 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...
CVE-2026-40773
The CVE covers WordPress plugin rtMedia for WordPress, BuddyPress and bbPress, vulnerable in versions
CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-40767
The CVE concerns WordPress wpForo Forum plugin, affected versions before 3.0.2, showing Unauthenticated Broken Access Control. The description indicates unauthenticated access via a network vector with no user interaction, affecting confidentiality (high) while other impacts are not noted. CVSSv3...
CVE-2026-40743 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...
CVE-2026-40743
CVE-2026-40743 corresponds to an Unauthenticated Broken Access Control in the WordPress Tutor LMS plugin, versions
CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
CVE-2026-40741
CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...
CVE-2026-39594 WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-39594
CVE-2026-39594 affects the WordPress plugin Ultra Addons for WPForms (versions
CVE-2026-39584 WordPress RepairBuddy plugin <= 4.1132 - Broken Access Control vulnerability
Subscriber Broken Access Control in RepairBuddy = 4.1132 versions...
CVE-2026-39584
CVE-2026-39584 documents a Broken Access Control vulnerability in the WordPress RepairBuddy plugin, affecting versions
CVE-2026-39534 WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WP Directory Kit = 1.5.0 versions...