PT-2026-44035

Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...

PT-2026-44026

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

PT-2026-44153

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

PT-2026-43579

Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description A missing authorization issue exists within the AddOns functionality. This allows remote authenticated users who...

PT-2026-43638

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through = 4.4.5...

PT-2026-43661

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

PT-2026-43549

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labb admin ajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but...

PT-2026-44025

Name of the Vulnerable Software and Affected Versions DearFlip versions prior to 2.4.28 Description A missing authorization issue in DearHive DearFlip allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails ...

PT-2026-44045

Name of the Vulnerable Software and Affected Versions The Post Grid versions prior to 7.9.3 Description A missing authorization issue allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than 7.9.2...

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

CVE-2026-31266

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint /actions/app/migrate...

PT-2026-44028

Name of the Vulnerable Software and Affected Versions ElementsKit Elementor addons Lite versions prior to 3.9.7 Description A missing authorization issue in Wpmet ElementsKit Elementor addons Lite allows for the exploitation of incorrectly configured access control security levels. This is a brok...

CVE-2026-31266

CVE-2026-31266 affects Craft CMS 5.9.5 and earlier. Affected component: migrate endpoint at /actions/app/migrate. Root cause: missing authorization check in migrate action leading to Missing Authorization vulnerability. Impact (per sources): unauthorized actions on migrate could lead to changes w...

Kirby CMS's `pages.access` permission is not checked during rendering of page drafts

TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, via options in the model blueprints or via a combination of both settings. Kirby sites...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the pages.access permission check during the rendering process of page drafts. An attacker can gain unauthorized access to sensitive page draft content by authenticating as a user without the required permission...

CVE-2026-48592

Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

CVE-2025-14361

CVE-2025-14361 affects the WordPress plugin AA-Team Woocommerce Envato Affiliates (

CVE-2025-14361

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...