21323 matches found
CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...
CVE-2026-40728 WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through = 1.8.3...
CVE-2026-40730
Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGrill Demo Importer: from n/a through = 2.0.0.6...
CVE-2026-40729
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...
CVE-2026-40728
Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through = 1.8.3...
CVE-2026-40728 WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a through = 1.8.3...
CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer – Embed 3D Models: from n/a through = 1.8.5...
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3649
The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportalpopupshortcode function is registered as an AJAX handler via wpajaxkatalogportalshortcodePrinter but lacks any capability check currentusercan or nonc...
CVE-2026-3649
The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportalpopupshortcode function is registered as an AJAX handler via wpajaxkatalogportalshortcodePrinter but lacks any capability check currentusercan or nonc...
CVE-2026-3649 Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action
The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportalpopupshortcode function is registered as an AJAX handler via wpajaxkatalogportalshortcodePrinter but lacks any capability check currentusercan or nonc...
CVE-2026-3649
CVE-2026-3649 concerns the WordPress plugin “Katalogportal PDF Sync” (Widget) ≤ 1.0.0. The issue is Missing Authorization via the AJAX handler katalogportal_shortcodePrinter, registered through wp_ajax_katalogportal_shortcodePrinter. The handler lacks capability checks (current_user_can()) and no...
CVE-2026-3649 Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action
The Katalogportal PDF Sync plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.0. The katalogportalpopupshortcode function is registered as an AJAX handler via wpajaxkatalogportalshortcodePrinter but lacks any capability check currentusercan or nonc...
CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3642
CVE-2026-3642 concerns the WordPress plugin e-shot form builder. It affects all versions up to and including 1.0.2, where the AJAX handler eshot_form_builder_update_field_data() lacks capability checks (current_user_can()) and nonce verification (check_ajax_referer()/wp_verify_nonce()). Registere...
WordPress Nexi XPay plugin <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification vulnerability
Missing Authorization to Unauthenticated Order Status Modification vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Nexi XPay versions = 8.3.0...
PT-2026-33050
Name of the Vulnerable Software and Affected Versions Majestic Support versions prior to 1.1.3 Description Majestic Support contains a flaw where incorrectly configured access control security levels allow for missing authorization. Recommendations Update to a version newer than 1.1.2...
PT-2026-33045
Name of the Vulnerable Software and Affected Versions Nelio AB Testing versions prior to 8.2.9 Description Nelio AB Testing contains a missing authorization flaw that allows the exploitation of incorrectly configured access control security levels. Recommendations Update to a version newer than...