CVE-2026-24619

CVE-2026-24619 : WordPress plugin PopCash Code Integration Tool (popcashnet-code-integration-tool) versions prior to 1.9 suffer Missing Authorization due to incorrectly configured access control. Public advisories (NVD/NVDRH/Red Hat) corroborate a medium impact with CVSS v3.1 base score 5.3 (Netw...

CVE-2026-24561

CVE-2026-24561: FluentBoards fluent-boards contains a Missing Authorization flaw (Broken Access Control) in versions up to 1.91.1. CVSS 3.1 base score 5.4 (Network, Low privileges, no user interaction). Wordfence/Red Hat/CVE listings indicate the issue is a broken access control vulnerability in ...

CVE-2026-24543 WordPress Materialis Companion plugin <= 1.3.52 - Broken Access Control vulnerability

Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through = 1.3.52...

CVE-2026-0927

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload...

CVE-2026-22472

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through = 3.9.6...

CVE-2025-69193 WordPress WP Membership plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through = 1.6.4...

CVE-2025-69191 WordPress ListingHub plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through = 1.2.7...

CVE-2025-69187 WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through = 1.2.5...

CVE-2025-68003 WordPress Shown Connector plugin <= 1.2.10 - Settings Change vulnerability

Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through = 1.2.10...

CVE-2025-67956 WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.6...

PT-2026-4229

Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through = 2.6.4...

CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVE-2026-23843

teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...

CVE-2026-0942 Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion

The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated...

WordPress Booking Calendar plugin <= 10.14.11 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by shark3y in WordPress Plugin Booking Calendar versions = 10.14.11...

CVE-2026-0635

The CVE concerns the WordPress plugin Responsive Accordion Slider. A missing capability check in the resp_accordion_silder_save_images function in all versions up to and including 1.2.2 allows authenticated attackers with Contributor-level access or higher to modify any slider’s image metadata (t...

GO-2026-4290 Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve

Soft Serve is missing an authorization check in LFS lock deletion in github.com/charmbracelet/soft-serve...

CVE-2026-0817

CVE-2026-0817 concerns the Wikimedia Foundation MediaWiki - CampaignEvents extension. The vulnerability is described as a missing authorization issue that could allow privilege abuse in CampaignEvents API. Affected versions are 1.39, 1.43, 1.44, and 1.45. The connected Red Hat/NVD entries corrobo...

CVE-2025-12640 Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.1.5 - Missing Authorization to Authenticated (Author+) Media Replacement

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the...

WordPress plugin REHub Framework 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...