21384 matches found
CVE-2026-42753
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...
CVE-2026-42753
CVE-2026-42753 affects the WordPress WC Lovers WCFM Membership wc-multivendor-membership plugin (
CVE-2026-42726 WordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
CVE-2026-42726
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
CVE-2026-42726 WordPress AWP Classifieds plugin <= 4.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...
WordPress Firebase Support & Chat Management plugin <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Farrukh Ziyaev in WordPress Plugin Firebase Support & Chat Management versions = 3.1.1...
CVE-2024-47268
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
CVE-2024-47268
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...
CVE-2026-3895
CVE-2026-3895 affects the WordPress plugin group: WPBakery Page Builder Addons by Livemesh. The vulnerability is a Stored Cross-Site Scripting via the lvca_admin_ajax AJAX action in all versions up to and including 3.9.4, caused by missing authorization checks and insufficient input sanitization....
CVE-2026-3895 WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...
CVE-2026-3896 Livemesh SiteOrigin Widgets <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lsowadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but does not...
CVE-2026-3897 Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Missing Authorization
The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...
CVE-2026-3897
The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...
CVE-2026-9014 WP Promoter <= 1.3 - Missing Authorization to Unauthenticated Statistics Reset via wpp-reset_stats AJAX Action
The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the IAM API endpoints, including listUsers, getUser, listGroups, and getGroup. An attacker can retrieve sensitive user information, such as usernames, superuser status, and group memberships, by sending...
PT-2026-43973
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6...
PT-2026-44021
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...
PT-2026-44027
Name of the Vulnerable Software and Affected Versions ElementsKit Elementor addons Lite versions prior to 3.9.7 Description A missing authorization issue in Wpmet ElementsKit Elementor addons Lite allows for the exploitation of incorrectly configured access control security levels. This is a brok...
Gitlab -- vulnerabilities
Gitlab reports: Improper Access Control issue in Duo AI workflow runners impacts GitLab EE Denial of Service issue in Wiki impacts GitLab CE/EE Incorrect Authorization issue in GraphQL WorkItem API impacts GitLab CE/EE Improper Authorization issue in Duo Workflows API impacts GitLab EE Missing...
PT-2026-43997
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...