Lucene search
K

162785 matches found

Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57694 WordPress Tutor LMS plugin <= 3.9.13 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...

6.5CVSS0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57705 WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57693 WordPress Ad Inserter plugin <= 2.8.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through = 2.8.11...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57405 WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...

7.1CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57412 WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through = 4.6.9...

6.5CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57419 WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 3.1.8...

6.5CVSS0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57392 WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...

6.5CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57418 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...

6.5CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago25 views

CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-57395

CVE-2026-57395 affects the WordPress Tourfic plugin (versions

6.5CVSS6.1AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-57727

CVE-2026-57727 concerns the WordPress Kirki plugin (Kirki) with versions 6.0.13 and earlier, reported as a Missing Authorization / Broken Access Control vulnerability. The connected sources (NVD, CVE records, CVElist, PatchStack) describe an incorrectly configured access control that could allow ...

7.5CVSS6.1AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-57400

The CVE-2026-57400 entry concerns the WordPress plugin Event Tickets Manager for WooCommerce. A Missing Authorization vulnerability is described as due to Incorrectly Configured Access Control Security Levels, affecting the plugin’s “Event Tickets Manager for WooCommerce” component in versions up...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2 days ago21 views

CVE-2026-57729

The CVE-2026-57729 entry details a Missing Authorization (Broken Access Control) flaw in the UX-themes Flatsome WordPress theme for versions up to and including 3.20.5. The underlying issue is an improperly configured access control that can expose data with no privileges required (attack vector:...

7.5CVSS6.1AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-57694

CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...

6.5CVSS6.1AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57408

CVE-2026-57408 affects the WordPress Peach Payments Gateway plugin wc-peach-payments-gateway

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-57705

CVE-2026-57705 affects the WordPress plugin Event Tickets (versions

7.5CVSS6.1AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-57406

CVE-2026-57406 : A Missing Authorization vulnerability is reported in the WordPress FundEngine plugin (wp-fundraising-donation) affecting versions up to 1.7.6. The issue is described as broken access control due to incorrectly configured access security levels, enabling exploitation of access con...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-57412

The CVE-2026-57412 entry concerns the WordPress Gift Vouchers plugin (versions up to 4.6.9). The vulnerability is described as a Missing Authorization issue caused by Incorrectly Configured Access Control Security Levels, i.e., a Broken Access Control vulnerability. Affected component: gift-vouch...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-57408 WordPress Peach Payments Gateway plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through = 4.0.2...

6.5CVSS0.00242EPSS
Exploits0References1
Rows per page
Query Builder