CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

CVE-2026-27346

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10...

CVE-2026-45442

Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Presto Player: from n/a through 4.1.3...

CVE-2026-45210

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...

CVE-2026-45443

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

CVE-2026-45212

Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through = 1.4.0.3...

CVE-2026-6708

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permissioncallback of 'returntrue', which bypasses all...

CVE-2026-6663

The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is due to the plugin's standalone agent endpoints gwd-backup.php and gwd-logs.php not verifying authentication when the API key has not been...

CVE-2026-6214

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.53.0. This is due to the listenforsavingexportschedule function in library/class-export.php failing to perform a capability check before saving the scheduled export configuration,...

CVE-2026-6937

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.11.8 due to the plugin not properly verifying that a user is authorized to perform an action via the bulk appointmen...

CVE-2026-6472

A flaw was found in PostgreSQL CREATE TYPE handling for multirange types. The database failed to properly verify schema CREATE privileges during multirange type creation. An authenticated database user could exploit this issue to hijack queries that rely on searchpath resolution for user-defined ...

CVE-2026-6441

The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptions function, which is exposed via two AJAX hooks: wpajaxupdateOptions class-canto.php line 231 an...

CVE-2026-6222

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

CVE-2026-6145

The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the isadmincreationprocess method relying solely on the presence of action=createuser in the $REQUEST superglobal without performing any...

CVE-2026-6709

The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...

CVE-2025-53345

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

CVE-2026-42726

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

CVE-2026-42412

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

CVE-2026-42671

Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...

CVE-2026-24582

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...