PT-2026-2190

Name of the Vulnerable Software and Affected Versions Dashboard Welcome for Beaver Builder versions through 1.0.8 Description An issue exists in Dashboard Welcome for Beaver Builder related to incorrectly configured access control security levels, allowing for missing authorization. The issue...

WordPress plugin Docket Cache 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin WP Attractive Donations System - Easy Stripe & Paypal donations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...

CVE-2025-14370

CVE-2025-14370 corresponds to the Quote Comments plugin for WordPress with Missing Authorization in all versions up to 3.0.0. The vulnerability allows authenticated users with Subscriber+ privileges to update arbitrary plugin options via the ‘action’ parameter, per Wordfence reporting. Current st...

CVE-2025-69354

Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through = 0.1.1...

CVE-2025-13766 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for...

CVE-2025-14441 Popupkit <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Subscriber Data Deletion

The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST API endpoint in all versions up to, and including, 2.2.0. This is due to the permissioncallback only validating wprest nonce without checking user...

WordPress plugin The Events Calendar Countdown Addon 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security...

CVE-2025-15235

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files...

CVE-2025-15406

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVE-2025-15406 PHPGurukul Online Course Registration authorization

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVE-2025-66149 WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in merkulove UnGrabber ungrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through = 3.1.3...

EUVD-2025-205984

Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7...

CVE-2025-63016

QuadLayers TikTok Feed (QuadLayers TikTok Feed) is affected by CVE-2025-63016 due to Missing Authorization/Access Control weaknesses. The WordPress plugin (QuadLayers TikTok Feed) is listed as affected and the Patch Status is Unpatched in the vulnerability details, with a CVSS v3.1 base score of ...

CVE-2025-62081 WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through =...

WordPress CRM Memberships plugin <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action vulnerability

Missing Authorization to Unauthenticated 'ntzcrmaddnewtag' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin CRM Memberships versions = 2.5...

WordPress plugin Simple Like Page 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress MelaPress Login Security Premium plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security Premium versions 2.1.0...

WordPress plugin Countdowner for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

CVE-2025-69027

Technical details about CVE-2025-69027 are not publicly available in the provided documents. Monitor for vendor advisories and updates.