CVE-2026-32498

CVE-2026-32498 is a Missing Authorization vulnerability in the RegistrationMagic plugin (RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login) affecting versions up to and including 6.0.7.6. The Wordfence report explicitly attributes the issue to broken access...

CVE-2026-32498

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

CVE-2026-32498 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...

CVE-2026-32495

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

CVE-2026-32495 WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through = 2.10.0...

CVE-2026-32495

CVE-2026-32495 is a Missing Authorization vulnerability impacting the WP Terms Popup (WP Terms Popup) WordPress plugin, affecting versions from unknown up to and including 2.10.0. The root cause is an incorrectly configured access control security level (Missing Authorization), which can allow an...

CVE-2026-32489

CVE-2026-32489 affects the WordPress plugin b-blocks (bPlugins B Blocks) , specifically versions prior to 2.0.30 . The issue is a Missing Authorization / Broken Access Control due to incorrectly configured access control security levels . Publicly exploitable over the network with low attack comp...

CVE-2026-32485

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...

CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

CVE-2026-32489

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

CVE-2026-32441

CVE-2026-32441 is a Missing Authorization vulnerability in the WordPress plugin Comments Import & Export for WooCommerce, affecting versions up to and including 2.4.9. Connected sources confirm the issue type but do not provide exploit vectors, exact root cause, or a published fix in the supplied...

CVE-2026-32441

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-31921 WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through = 1.2.2...

CVE-2026-32441 WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-31921

CVE-2026-31921 affects Product Rearrange for WooCommerce (plugin) up to version 1.2.2. Described as Missing Authorization vulnerability enabling unauthorized access to rearrangement functionality. CVSSv3.1 base score 8.2 (HIGH) with network attack vector, no user interaction, no confidentiality i...

CVE-2026-31921

Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Rearrange for WooCommerce: from n/a through = 1.2.2...

CVE-2026-32483

The CVE-2026-32483 entry concerns the WordPress plugin WordPress Contact Form Email (plugin) versions up to 1.3.63. It describes a Missing Authorization vulnerability caused by incorrectly configured access control security levels in codepeople Contact Form Email. The impact is described as high ...

CVE-2026-27071

CVE-2026-27071 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin WPCafe (wp-cafe) by Arraytics, affecting versions up to 3.0.7. The issue enables exploitation of incorrectly configured access control. CVSS v3.1 base score 9.1 (critical); vector: NETWORK, PR:...