CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

PT-2026-25503

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate license function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

EUVD-2026-11760

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

EUVD-2026-11786

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

EUVD-2026-11907

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...

CVE-2026-4063

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-3891

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

CVE-2026-32394

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...

GO-2026-4691 Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings in github.com/ellanetworks/core

Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings in github.com/ellanetworks/core...

CVE-2026-32394

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...

CVE-2026-32394 WordPress PublishPress Capabilities plugin <= 2.31.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through = 2.31.0...

CVE-2026-32394

The CVE-2026-32394 entry concerns the WordPress PublishPress Capabilities plugin (capability-manager-enhanced) with a Broken Access Control/Missing Authorization issue. Affected component: PublishPress Capabilities, versions up to and including 2.31.0. Root cause: incorrectly configured access co...

CVE-2026-4063

CVE-2026-4063 affects the WordPress plugin Social Icons Widget & Block by WPZOOM. The Red Hat and CVE records, corroborated by the Wordfence vulnerability report, describe a missing capability check in the add_menu_item() function hooked to admin_menu in all versions up to 4.5.8. This allows auth...

CVE-2026-4063

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-4063 Social Icons Widget & Block <= 4.5.8 - Missing Authorization to Authenticated (Subscriber+) Sharing Configuration Creation

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-3891

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

CVE-2026-3891

CVE-2026-3891 affects the Pix for WooCommerce WordPress plugin. The issue is an unauthenticated arbitrary file upload in the lkn_pix_for_woocommerce_c6_save_settings endpoint (and related nonce generation flow), caused by missing capability checks and file-type validation in all versions up to 1....

CVE-2026-3891 Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lknpixforwoocommercec6savesettings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated...

PT-2026-25166

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add menu item method hooked to admin menu in all versions up to, and including, 4.5.8. This is due to the method performing wp insert post and...