13536 matches found
PT-2026-54983
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
PT-2026-55030
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
PT-2026-55033
Contributor Broken Access Control in Flatsome = 3.20.5 versions...
PT-2026-54981
Name of the Vulnerable Software and Affected Versions Motors versions prior to 5.6.81 Description An unauthenticated broken access control issue exists, allowing unauthorized users to bypass access restrictions. Recommendations Update to a version newer than 5.6.80...
PT-2026-54960
Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...
PT-2026-55026
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
PT-2026-55038
Name of the Vulnerable Software and Affected Versions ez Form Calculator Premium versions prior to 2.14.1.3 Description The plugin contains a broken access control issue that allows unauthenticated users to bypass authorization restrictions. Recommendations Update to a version newer than 2.14.1.2...
PT-2026-55034
Name of the Vulnerable Software and Affected Versions Booked versions prior to 3.0.1 Description Broken access control allows users with subscriber privileges to perform unauthorized actions. Recommendations Update to a version newer than 3.0.0...
PT-2026-55032
Subscriber Broken Access Control in Flatsome = 3.20.5 versions...
Important: Red Hat Security Advisory: Satellite 6.16.10 Async Update
An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
foreman: Foreman: Unauthorized modification of host configurations via broken access control
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...
foreman: Foreman: Unauthorized modification of host configurations via broken access control
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...
foreman: Foreman: Unauthorized modification of host configurations via broken access control
A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...
CVE-2026-57721 WordPress ApplyOnline plugin <= 2.6.7.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...
WordPress ApplyOnline plugin <= 2.6.7.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin ApplyOnline versions = 2.6.7.6...
CVE-2026-57720
The CVE-2026-57720 entry concerns the WordPress ThumbPress plugin (
CVE-2026-57720 WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...
WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Denver Jackson in WordPress Plugin ThumbPress versions = 6.3.2...
CVE-2026-27409 WordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...
CVE-2026-27409
CVE-2026-27409 : Missing Authorization in Webba Booking for WordPress (plugin)