21328 matches found

Vulnrichment
added 2026/04/07 8:57 a.m., 2 views

CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ocean Extra: from n/a through 2.5.3...

CVSS 5.4 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 1

Cvelist
added 2026/04/07 8:57 a.m., 20 views

CVE-2026-34903 WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ocean Extra: from n/a through 2.5.3...

CVSS 5.4 | EPSS 0.00293
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/07 8:57 a.m., 2 views

CVE-2026-34903

Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ocean Extra: from n/a through 2.5.3...

CVSS 5.4 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 2

CVE
added 2026/04/07 8:57 a.m., 6 views

CVE-2026-34903

The CVE-2026-34903 entry describes a Missing Authorization vulnerability in OceanWP Ocean Extra, affecting Ocean Extra up to version 2.5.3. The issue is categorized as a Broken Access Control with CVSS 3.1 base score 5.4 (Network, Low Privileges Required, No User Interaction, Confidentiality None...

CVSS 5.4 | AI score 5.9 | EPSS 0.00293
Exploits: 0 | References: 1

CVE
added 2026/04/07 8:31 a.m., 8 views

CVE-2026-34899

CVE-2026-34899 relates to a Missing Authorization / Broken Access Control issue in the WordPress plugin “LTL Freight Quotes – Worldwide Express Edition.” Connected details confirm the vulnerability affects versions up to 5.2.1, described as a broken access control flaw discovered in WordPress Plu...

CVSS 5.3 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/07 8:31 a.m., 2 views

CVE-2026-34899

Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 2

EUVD
added 2026/04/07 8:31 a.m., 0 views

EUVD-2026-19592

Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/07 8:31 a.m., 1 view

CVE-2026-34899 WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1...

CVSS 5.3 | AI score 5.9 | EPSS 0.00239
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-30810

Name of the Vulnerable Software and Affected Versions: OceanWP Ocean Extra versions through 2.5.3. Description: An authorization issue exists in OceanWP Ocean Extra. This allows exploitation due to incorrectly configured access control security levels. Recommendations: Update OceanWP Ocean Extra to a...

CVSS 5.4 | AI score 5.8 | EPSS 0.00293
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/07 12:00 a.m., 5 views

PT-2026-30901

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

CVSS 5.3 | AI score 5.9 | EPSS 0.00558
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-30929

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/task id routes witho...

CVSS 6.9 | AI score 5.9 | EPSS 0.00384
Exploits: 1 | References: 5

Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-30808

Name of the Vulnerable Software and Affected Versions: Eniture technology LTL Freight Quotes – Worldwide Express Edition versions through 5.2.1. Description: A missing authorization issue exists in Eniture technology LTL Freight Quotes – Worldwide Express Edition due to incorrectly configured access...

CVSS 5.3 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/07 12:00 a.m., 4 views

Trane Tracer SC, Tracer SC+, and Tracer Concierge Missing Authorization (CVE-2026-28254)

A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

CVSS 7.5 | AI score 5.8 | EPSS 0.00268
Exploits: 0 | References: 2

Patchstack
added 2026/04/06 9:51 p.m., 6 views

WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability

WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated Contributor+ Media Upload vulnerability discovered by lucsob in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.6.3...

CVSS 4.3 | AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/04/06 9:49 p.m., 5 views

WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload vulnerability

WordPress Kadence Blocks - Page Builder Toolkit for Gutenberg Editor plugin <= 3.6.3 - Missing Authorization to Authenticated Contributor+ Media Upload vulnerability discovered by lucsob in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions <= 3.6.3...

CVSS 4.3 | AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/06 7:10 p.m., 14 views

CVE-2026-35182 Missing Authorization Privilege Escalation

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

CVSS 8.8 | EPSS 0.00336
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/06 7:10 p.m., 2 views

CVE-2026-35182 Missing Authorization Privilege Escalation

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00336
Exploits: 1 | References: 1

CVE
added 2026/04/06 7:10 p.m., 10 views

CVE-2026-35182

Brave CMS (open-source) before version 2.0.6 contains a missing authorization check in the POST /rights/update-role/{id} endpoint (routes/web.php). The update-role action lacked the checkUserPermissions:assign-user-roles middleware, allowing any authenticated user to change account roles and prom...

CVSS 8.8 | AI score 5.9 | EPSS 0.00336
Exploits: 1 | References: 1 | Affected Software: 1

Snyk
added 2026/04/06 1:07 p.m., 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization due to a missing return statement after a permission check in the ServeHTTP function. An attacker can gain unauthorized access to, create, download, and delete sensitive legal hold data by sending crafted API...

CVSS 8.8 | AI score 5.8 | EPSS 0.00378
Exploits: 0 | References: 2

EUVD
added 2026/04/04 12:31 p.m., 3 views

EUVD-2025-209219

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeocorehandledroppedmedia" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This...

CVSS 5.3 | AI score 6.1 | EPSS 0.00304
Exploits: 0 | References: 3