150 matches found
CVE-2026-24605
CVE-2026-24605 concerns WordPress plugin X Addons for Elementor with versions up to 1.0.23. The Red Hat/NVD entries describe a Missing Authorization vulnerability caused by misconfigured access control security levels, enabling unauthorized access. Public feeds corroborate the affected software a...
CVE-2026-24532
Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2...
CVE-2026-24529
CVE-2026-24529 affects the WordPress plugin Quick Restaurant Reservations (
CVE-2026-22461 WordPress CTX Feed plugin <= 6.6.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through = 6.6.18...
CVE-2026-22396
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through = 1.0...
CVE-2025-69188
CVE-2025-69188 is a WordPress plugin issue in the Fitness Trainer plugin (eCommerce/fitness plugin) labeled as a Missing Authorization vulnerability. Affected versions are <= 1.7.1. The security issue stems from incorrectly configured access control security levels, enabling unauthorized actio...
CVE-2025-69188 WordPress fitness-trainer plugin <= 1.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through = 1.7.1...
CVE-2025-67967
CVE-2025-67967 is a Missing Authorization/Broken Access Control vulnerability in the WordPress plugin e-plugins Lawyer Directory (lawyer-directory) affecting versions up through 1.3.3. Root cause: incorrectly configured access control security levels allowing unauthorized privilege escalation. Pu...
CVE-2026-22492 WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through = 24.07.04...
CVE-2025-69355 WordPress Tickera plugin <= 3.5.6.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.4...
CVE-2025-69327 WordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.0.9...
CVE-2025-31046 WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29...
CVE-2025-66150 WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in merkulove Appender appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through = 1.1.1...
CVE-2025-66157
Technical details for CVE-2025-66157 are not provided in the supplied documents; no affected versions, impact, vectors, or fixes are specified. Monitor official updates for additional information.
CVE-2025-62147 WordPress Realbig plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through 1.1.3...
CVE-2025-69024 WordPress BizPrint plugin <= 4.6.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through = 4.6.7...
CVE-2025-68591 WordPress Simple File List plugin <= 6.1.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through = 6.1.18...
CVE-2025-68587 WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through = 3.4.5...
CVE-2025-68572 WordPress BBP Core plugin <= 1.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through = 1.4.1...
CVE-2025-68535 WordPress Sunshine Photo Cart plugin <= 3.5.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through = 3.5.7.1...