CVE-2026-39700 WordPress WowOptin plugin <= 1.4.32 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through = 1.4.32...

CVE-2026-24364

CVE-2026-24364 is a Missing Authorization vulnerability in the WordPress plugin WP User Frontend (weDevs) affecting versions up to and including 4.2.5. The issue, identified by a researcher (daroo), arises from incorrectly configured access control security levels. Public advisories from Red Hat,...

CVE-2026-22479 WordPress Easy Post Submission plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Post Submission: from n/a through = 2.4.0...

CVE-2026-27387 WordPress DirectoryPress plugin <= 3.6.26 - Broken Access Control vulnerability

Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through = 3.6.26...

CVE-2025-68507

CVE-2025-68507 : Missing Authorization in Icegram Engage (WordPress plugin) allows an unauthenticated attacker to exploit incorrectly configured access control. The vulnerability affects Icegram Engage up to and including version 3.1.35. Red Hat and CVE records corroborate the issue and its affec...

CVE-2025-62098

Technical details for CVE-2025-62098 are not provided in the supplied connected documents. Public specifics (affected versions beyond 1.4.8, root cause, exploit information, patch) are not included here. Monitor for updates.

CVE-2025-69013 WordPress Stratum plugin <= 1.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through = 1.6.1...

CVE-2025-54745

CVE-2025-54745 concerns a Missing Authorization vulnerability in miniOrange’s Google Authenticator WordPress plugin (miniorange-2-factor-authentication) up to version 6.1.1. Connected sources confirm a Broken Access Control/Incorrectly Configured Access Control vulnerability affecting the plugin ...

CVE-2025-64242 WordPress Easy Property Listings plugin <= 3.5.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through = 3.5.22...

CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.4.1...

CVE-2025-62964

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.6...

CVE-2025-62966 WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through = 1.3.6...

CVE-2025-59567 WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through = 6.8.0...

CVE-2025-59576 WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.20...