CVE-2026-25414 WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through = 1.6.18...

CVE-2026-25414 WordPress WPBookit Pro plugin <= 1.6.18 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through = 1.6.18...

CVE-2026-24971 WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through = 2.8...

CVE-2026-24968

CVE-2026-24968 – Xagio SEO WordPress plugin Privilege Escalation CVE-2026-24968 corresponds to an Incorrect Privilege Assignment vulnerability in the WordPress plugin Xagio SEO, affecting versions from n/a through

CVE-2026-24968 WordPress Xagio SEO plugin <= 7.1.0.30 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through = 7.1.0.30...

CVE-2026-24971 WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through = 2.8...

PT-2026-27970

Name of the Vulnerable Software and Affected Versions uxper Golo versions through 1.7.0 Description An incorrect privilege assignment exists in uxper Golo, allowing for privilege escalation. Recommendations Update uxper Golo to a version later than 1.7.0...

PT-2026-28044

Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through = 1.1.18...

PT-2026-28065

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7...

PT-2026-28034

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...

PT-2026-28002

Name of the Vulnerable Software and Affected Versions wpeverest User Registration versions through 4.4.9 Description An incorrect privilege assignment exists in wpeverest User Registration. This allows for privilege escalation. Recommendations Update wpeverest User Registration to a version later...

PT-2026-27942

Name of the Vulnerable Software and Affected Versions WPBookit Pro versions n/a through 1.6.18 Description An incorrect privilege assignment exists in iqonicdesign WPBookit Pro wpbookit-pro, allowing for privilege escalation. The issue affects the software as described. Recommendations Update...

PT-2026-27864

Name of the Vulnerable Software and Affected Versions Elated-Themes Search & Go versions n/a through 2.8 Description An incorrect privilege assignment issue exists in Elated-Themes Search & Go. This allows for privilege escalation. The issue affects the searchgo component. Recommendations Update ...

PT-2026-27901

Name of the Vulnerable Software and Affected Versions Salon Booking System Pro versions prior to 10.30.12 Description An Incorrect Privilege Assignment issue exists in Salon Booking System Pro. This allows for privilege escalation. Recommendations Update Salon Booking System Pro to version 10.30....

PT-2026-27861

Name of the Vulnerable Software and Affected Versions Xagio SEO versions n/a through 7.1.0.30 Description An incorrect privilege assignment exists in Xagio SEO. This allows for privilege escalation. Recommendations Update Xagio SEO to a version later than 7.1.0.30...

CVE-2026-33719

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...

CVE-2026-33719 AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...

CVE-2026-33719

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...

CVE-2026-33719

CVE-2026-33719 affects WWBN AVideo up to version 26.0, where the CDN plugin’s status.json.php and disable.json.php endpoints accept key-based authentication with an empty default key. When the CDN plugin is enabled but the key is not configured, the key validation is bypassed, allowing an unauthe...

CVE-2026-33719 AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...