162785 matches found
CVE-2026-57694 WordPress Tutor LMS plugin <= 3.9.13 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...
CVE-2026-57705 WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...
CVE-2026-57693 WordPress Ad Inserter plugin <= 2.8.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spacetime Ad Inserter ad-inserter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ad Inserter: from n/a through = 2.8.11...
CVE-2026-57405 WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...
CVE-2026-57412 WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through = 4.6.9...
CVE-2026-57419 WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 3.1.8...
CVE-2026-57392 WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...
CVE-2026-57418 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...
CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...
CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57395
CVE-2026-57395 affects the WordPress Tourfic plugin (versions
CVE-2026-57727
CVE-2026-57727 concerns the WordPress Kirki plugin (Kirki) with versions 6.0.13 and earlier, reported as a Missing Authorization / Broken Access Control vulnerability. The connected sources (NVD, CVE records, CVElist, PatchStack) describe an incorrectly configured access control that could allow ...
CVE-2026-57400
The CVE-2026-57400 entry concerns the WordPress plugin Event Tickets Manager for WooCommerce. A Missing Authorization vulnerability is described as due to Incorrectly Configured Access Control Security Levels, affecting the plugin’s “Event Tickets Manager for WooCommerce” component in versions up...
CVE-2026-57729
The CVE-2026-57729 entry details a Missing Authorization (Broken Access Control) flaw in the UX-themes Flatsome WordPress theme for versions up to and including 3.20.5. The underlying issue is an improperly configured access control that can expose data with no privileges required (attack vector:...
CVE-2026-57694
CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...
CVE-2026-57408
CVE-2026-57408 affects the WordPress Peach Payments Gateway plugin wc-peach-payments-gateway
CVE-2026-57705
CVE-2026-57705 affects the WordPress plugin Event Tickets (versions
CVE-2026-57406
CVE-2026-57406 : A Missing Authorization vulnerability is reported in the WordPress FundEngine plugin (wp-fundraising-donation) affecting versions up to 1.7.6. The issue is described as broken access control due to incorrectly configured access security levels, enabling exploitation of access con...
CVE-2026-57412
The CVE-2026-57412 entry concerns the WordPress Gift Vouchers plugin (versions up to 4.6.9). The vulnerability is described as a Missing Authorization issue caused by Incorrectly Configured Access Control Security Levels, i.e., a Broken Access Control vulnerability. Affected component: gift-vouch...
CVE-2026-57408 WordPress Peach Payments Gateway plugin <= 4.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through = 4.0.2...