11607 matches found
CVE-2026-59523 WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...
CVE-2026-57797 WordPress EduMall theme <= 4.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through = 4.5.1...
CVE-2026-61968 WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...
CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...
CVE-2026-57392
The CVE-2026-57392 entry concerns the WordPress Tourfic plugin (versions up to 2.22.5) with a Missing Authorization / Broken Access Control vulnerability. The root cause is misconfigured access control, enabling unauthorized access to protected resources or actions. Impact is described as broken ...
CVE-2026-57405
CVE-2026-57405 affects WordPress Open Shop theme (versions up to and including 1.7.1). The root cause is Missing Authorization due to incorrectly configured access control levels, classified as a Broken Access Control vulnerability. CVSS3.1 metrics indicate a HIGH base score of 7.1 (AV:N/AC:L/PR:...
CVE-2026-57424
CVE-2026-57424 affects the WordPress plugin Razorpay Payment Links for WooCommerce (rzp-woocommerce). Multiple sources describe a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.1.4, allowing exploitation of improperly configured access control. Conne...
CVE-2026-57419
CVE-2026-57419 concerns the WordPress plugin Stock Locations for WooCommerce (versions up to and including 3.1.8). The vulnerability is described as a Missing Authorization / Broken Access Control issue, arising from incorrectly configured access control security levels. The CVE notes that this a...
CVE-2026-57395
CVE-2026-57395 affects the WordPress Tourfic plugin (versions
CVE-2026-57408
CVE-2026-57408 affects the WordPress Peach Payments Gateway plugin wc-peach-payments-gateway
CVE-2026-57406
CVE-2026-57406 : A Missing Authorization vulnerability is reported in the WordPress FundEngine plugin (wp-fundraising-donation) affecting versions up to 1.7.6. The issue is described as broken access control due to incorrectly configured access security levels, enabling exploitation of access con...
CVE-2026-57727
CVE-2026-57727 concerns the WordPress Kirki plugin (Kirki) with versions 6.0.13 and earlier, reported as a Missing Authorization / Broken Access Control vulnerability. The connected sources (NVD, CVE records, CVElist, PatchStack) describe an incorrectly configured access control that could allow ...
CVE-2026-57729
The CVE-2026-57729 entry details a Missing Authorization (Broken Access Control) flaw in the UX-themes Flatsome WordPress theme for versions up to and including 3.20.5. The underlying issue is an improperly configured access control that can expose data with no privileges required (attack vector:...
CVE-2026-57740
CVE-2026-57740 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress AcyMailing Newsletter SMTP Newsletter plugin, affecting versions up to and including 10.11.1. The issue stems from incorrectly configured access control, enabling an attacker with network acces...
CVE-2026-57392 WordPress Tourfic plugin <= 2.22.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through = 2.22.5...
CVE-2026-57727 WordPress Kirki plugin <= 6.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through = 6.0.13...
CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57405 WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...
CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...
CVE-2026-57705 WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...