21323 matches found
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...
PT-2026-43145
Name of the Vulnerable Software and Affected Versions MyCryptoCheckout versions prior to 2.162 Description A missing authorization issue in the MyCryptoCheckout plugin allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control...
PT-2026-43141
Name of the Vulnerable Software and Affected Versions WP Chill RSVP and Event Management versions prior to 2.7.17 Description A missing authorization issue exists due to incorrectly configured access control security levels, which allows for broken access control. Recommendations Update to a...
PT-2026-43137
Name of the Vulnerable Software and Affected Versions Autoship Cloud for WooCommerce Subscription Products versions prior to 2.14.1 Description A missing authorization issue exists in the Autoship Cloud for WooCommerce Subscription Products plugin, which allows for the exploitation of incorrectly...
PT-2026-43139
Name of the Vulnerable Software and Affected Versions B2BKing versions prior to 5.2.10 Description A missing authorization issue allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if ...
PT-2026-43134
Name of the Vulnerable Software and Affected Versions Newses versions prior to 2.0.0.78 Description A missing authorization issue allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than 2.0.0.77...
PT-2026-43140
Name of the Vulnerable Software and Affected Versions WP Search Analytics versions prior to 1.5.0 Description A missing authorization issue in the plugin allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control. Recommendations Updat...
PT-2026-43154
Name of the Vulnerable Software and Affected Versions SePay Gateway versions prior to 1.1.21 Description A missing authorization issue in the SePay Gateway allows for the retrieval of embedded sensitive data. Recommendations Update to a version later than 1.1.20...
PT-2026-43156
Name of the Vulnerable Software and Affected Versions Sunshine Photo Cart versions prior to 3.6.8 Description A missing authorization issue in the WP Sunshine Sunshine Photo Cart plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access...
PT-2026-43133
Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0...
PT-2026-43135
Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3...
CVE-2026-9350
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function checkallcommandguards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly...
CVE-2026-9350 NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function checkallcommandguards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly...
CVE-2026-6419
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...
CVE-2026-6895
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...
CVE-2026-6419
Vulnerability summary (CVE-2026-6419) : The WishList Member WordPress plugin is affected on versions up to 3.30.1 by a missing authorization check in ajax_get_screen(), allowing authenticated users with Subscriber-level access or higher to pass an admin screen via data[url] and load the administr...
CVE-2026-6419 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_get_screen' AJAX action
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...
EUVD-2026-31527
The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...
CVE-2026-6897
The CVE describes a missing capability check in Wishlist Member for WordPress (WishListMember\Features\Team_Accounts::save_settings) affecting all versions up to and including 3.30.1. This allows authenticated users with Subscriber-level access or higher to modify arbitrary plugin options, includ...
CVE-2026-9284 WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure
The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...