WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...

CVE-2026-49782

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

CVE-2026-49782

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0...

EUVD-2026-33931

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

CVE-2026-42669

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

CVE-2026-42669

CVE-2026-42669 affects WordPress EventPrime plugin up to version 4.3.2.0, with a Missing Authorization/Broken Access Control vulnerability stemming from incorrectly configured access control security levels. CVSS v3.1 base score 7.5 (HIGH), impact to integrity is high while confidentiality/availa...

EUVD-2026-33907

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

CVE-2025-53346

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...

EUVD-2025-210034

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

PT-2026-45721

Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3...

PT-2026-45747

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

PT-2026-45717

Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

PT-2026-45733

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

CVE-2026-42671

Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...

EUVD-2026-33692

Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...

EUVD-2026-33688

Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41...

EUVD-2026-33655

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...