53 matches found
EUVD-2026-39398
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...
CVE-2026-49045
Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11...
CVE-2026-32389
The CVE affects WordPress NanoCare theme prior to version 1.2.2, where a Missing Authorization vulnerability enables Broken Access Control due to incorrectly configured access control security levels in NanoCare. Affected component is the NanoCare WordPress theme; root cause is improper authoriza...
CVE-2026-25431 WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1...
CVE-2026-40728 WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through = 1.8.3...
CVE-2026-40728
The CVE-2026-40728 entry documents a Missing Authorization vulnerability in the WordPress Magazine Blocks plugin (BlockArt magazine-blocks) affecting versions up to 1.8.3. The issue arises from incorrectly configured access control security levels, enabling exploitation due to insufficient author...
CVE-2026-39610
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through = 1.1...
CVE-2026-39607 WordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through = 1.1.17...
CVE-2026-39585
The CVE-2026-39585 entry concerns the WordPress Booktics plugin, version range from unknown up to and including 1.0.16, described as a Missing Authorization vulnerability due to incorrectly configured access control. The vulnerability affects Booktics components (booktics) and is characterized by...
CVE-2026-39501
CVE-2026-39501 is a Broken Access Control vulnerability affecting WordPress FOX plugin (woocommerce-currency-switcher) versions <= 1.4.5. The root cause is Missing Authorization / incorrectly configured access control, allowing unauthorized access due to insufficient restrictions. Documents co...
CVE-2026-39506 WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jordy Meow AI Engine Pro ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine Pro: from n/a through 3.4.2...
CVE-2026-39504 WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through = 0.1.2.5...
CVE-2026-25460
CVE-2026-25460 affects Ave Core (Ave Core plugin) for WordPress, with a Missing Authorization flaw in ave-core that permits exploitation due to incorrectly configured access control/security levels in Ave Core versions up to 2.9.1. The connected documents confirm the vendor/product (Ave Core) and...
CVE-2026-24972 WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through = 1.4...
CVE-2026-32586
CVE-2026-32586 describes a Missing Authorization vulnerability in Booster for WooCommerce (WordPress plugin). Affected: Booster for WooCommerce versions prior to 7.11.3. Root cause: incorrectly configured access control/security levels allowing unauthorized actions. Impact: CVSS v3.1 base score 5...
CVE-2026-32396 WordPress Team plugin <= 5.0.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through = 5.0.13...
CVE-2026-27388
CVE-2026-27388 : The Red Hat/WordPress data identify a Missing Authorization vulnerability in the DesignThemes Booking Manager plugin (designthemes-booking-manager) up to version 2.0. The issue is described as Broken/Incorrectly Configured Access Control, enabling unauthorized access due to missi...
CVE-2025-69393 WordPress Exzo theme <= 1.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through = 1.2.4...
CVE-2025-68048
CVE-2025-68048 involves the WordPress plugin NextMove Lite (XLPlugins)
CVE-2026-24990 WordPress WP Docs plugin <= 2.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through = 2.2.8...