21327 matches found

NVD
added 2026/04/08 7:16 a.m. | 5 views

CVE-2026-3477

The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfm_user_request_action_callback function, registered via the wp_ajax_pzfm_user_request_action action hook, lacks both capability checks and nonce verification. This function...

CVSS: 5.3 | EPSS: 0.00319
Exploits: 0 | References: 7
Vulnrichment
added 2026/04/08 6:43 a.m. | 2 views

CVE-2026-3477 PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter

The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.6. The pzfm_user_request_action_callback function, registered via the wp_ajax_pzfm_user_request_action action hook, lacks both capability checks and nonce verification. This function...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00319
Exploits: 0 | References: 7
CVE
added 2026/04/08 6:43 a.m. | 8 views

CVE-2026-3477

CVE-2026-3477 concerns the PZ Frontend Manager plugin for WordPress (versions up to 1.0.6). The vulnerability stems from the AJAX handler pzfm_user_request_action_callback(), registered via wp_ajax_pzfm_user_request_action, which lacks both capability checks and nonce verification. When the reque...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00319
Exploits: 0 | References: 7
Cvelist
added 2026/04/08 6:43 a.m. | 20 views

CVE-2026-3480 WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the render_shortcode_preview function. This function lacks any capability check...

CVSS: 6.5 | EPSS: 0.00342
Exploits: 0 | References: 7
Vulnrichment
added 2026/04/08 6:43 a.m. | 4 views

CVE-2026-3480 WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter

The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the render_shortcode_preview function. This function lacks any capability check...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00342
Exploits: 0 | References: 7
CVE
added 2026/04/08 6:43 a.m. | 12 views

CVE-2026-3480

The CVE-2026-3480 entry concerns the WordPress plugin WP Blockade (versions up to and including 0.9.14). The vulnerability is a Missing Authorization flaw in the admin_post handler for the shortcode render path. The function render_shortcode_preview() does not perform any capability checks (no cu...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00342
Exploits: 0 | References: 7
EUVD
added 2026/04/08 6:31 a.m. | 3 views

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00545
Exploits: 0 | References: 7
NVD
added 2026/04/08 5:16 a.m. | 5 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVSS: 5.3 | EPSS: 0.00545
Exploits: 0 | References: 6
Cvelist
added 2026/04/08 3:36 a.m. | 17 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVSS: 5.3 | EPSS: 0.00545
Exploits: 0 | References: 6
Vulnrichment
added 2026/04/08 3:36 a.m. | 2 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00545
Exploits: 0 | References: 6
CVE
added 2026/04/08 3:36 a.m. | 7 views

CVE-2026-4299

CVE-2026-4299 concerns the WordPress plugin MainWP Child Reports (

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00545
Exploits: 0 | References: 6
Snyk
added 2026/04/08 12:5 a.m. | 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the /api/resources endpoint, bypassing the intended download permission...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00274
Exploits: 1 | References: 2
Snyk
added 2026/04/08 12:5 a.m. | 6 views

Missing Authorization

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00274
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/08 12:0 a.m. | 1 view

PT-2026-31223

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Manager: from n/a through = 2.4.1...

AI score: 5.9 | EPSS: 0.00037
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31079

Name of the Vulnerable Software and Affected Versions: MainWP Child Reports versions up to and including 2.2.6. Description: The MainWP Child Reports plugin for WordPress has a missing authorization check in the heartbeat received function within the Live Update class. This allows authenticated...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00545
Exploits: 0 | References: 11
Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31253

Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a...

AI score: 5.9 | EPSS: 0.00214
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31263

Name of the Vulnerable Software and Affected Versions: Andrew ShopWP versions through 5.2.4. Description: Missing authorization allows exploiting incorrectly configured access control security levels. Recommendations: Update to a version greater than 5.2.4...

AI score: 5.8 | EPSS: 0.00236
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/08 12:0 a.m. | 1 view

PT-2026-31266

Name of the Vulnerable Software and Affected Versions: Precious Metals Automated Product Pricing – Pro versions through 4.0.5. Description: A missing authorization issue exists in nfusionsolutions Precious Metals Automated Product Pricing – Pro, allowing exploitation of incorrectly configured access...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0016
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31256

Name of the Vulnerable Software and Affected Versions: Simply Schedule Appointments versions through 1.6.10.2. Description: Missing authorization exists in NSquared Simply Schedule Appointments due to incorrectly configured access control security levels. Recommendations: Update Simply Schedule...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00156
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/08 12:0 a.m. | 2 views

PT-2026-31261

Name of the Vulnerable Software and Affected Versions: AI Workflow Automation versions n/a through 1.4.2. Description: Missing authorization allows exploiting incorrectly configured access control security levels. Recommendations: Update AI Workflow Automation to a version greater than 1.4.2...

AI score: 5.8 | EPSS: 0.00176
Exploits: 0 | References: 4