CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

CVE-2026-57521

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

CVE-2026-56023

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

CVE-2026-54842 WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

CVE-2026-54842

The CVE describes a Missing Authorization vulnerability in the WordPress Royal MCP plugin (Royal MCP) affecting versions up to 1.4.25. The issue is categorized as Broken Access Control with a CVSS v3.1 base score of 8.1 (HIGH), with network attack vector, low attack complexity, and privileges req...

CVE-2026-57429

CVE-2026-57429 is associated with the WordPress plugin Slim SEO (versions ≤ 4.6.2). The vulnerability is described as Broken Access Control in the available connected documents (Patchstack listing and CVE records). Public details in the connected sources confirm the affected software/component an...

CVE-2026-57429 WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

EUVD-2026-39385

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

CVE-2026-56023 WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

EUVD-2026-39378

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

CVE-2026-56023

The CVE concerns the WordPress plugin “UPI QR Code Payment Gateway for WooCommerce” (versions ≤ 1.6.2). The root cause is Broken Access Control, allowing unauthorized access with low privileges over a network. Metrics indicate a CVSS v3.1 base score of 5.4 (Medium) with Privileges Required: Low, ...

CVE-2026-54844

The CVE-2026-54844 entry concerns WordPress CheckView Automated Testing plugin (versions

EUVD-2026-39371

Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...

CVE-2026-54828 WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

EUVD-2026-39366

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

EUVD-2026-39367

Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...

CVE-2026-27366

CVE-2026-27366 concerns WordPress WordPress MainWP Child plugin versions

EUVD-2026-39362

Unauthenticated Broken Access Control in MainWP Child = 6.1.1 versions...

WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Slim SEO versions = 4.6.2...