21345 matches found
CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 3.0.7...
CVE-2026-27071 WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through = 3.0.7...
CVE-2026-27046
CVE-2026-27046: A Missing Authorization flaw in the StoreCustomizer plugin (StoreCustomizer – A plugin to Customize all WooCommerce Pages) affects WordPress installations using StoreCustomizer versions up to 2.6.3. The issue permits unauthenticated access due to misconfigured access controls, wit...
CVE-2026-27046 WordPress StoreCustomizer plugin <= 2.6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through = 2.6.3...
CVE-2026-25462
CVE-2026-25462 is a Missing Authorization vulnerability in the avalex plugin for WordPress. Affected software: avalex (WordPress plugin) versions up to and including 3.1.3. Root cause: improper access control allows unauthorized access to/through the plugin. Impact as reported: Medium severity (C...
CVE-2026-25460
CVE-2026-25460 affects Ave Core (Ave Core plugin) for WordPress, with a Missing Authorization flaw in ave-core that permits exploitation due to incorrectly configured access control/security levels in Ave Core versions up to 2.9.1. The connected documents confirm the vendor/product (Ave Core) and...
CVE-2026-25469 WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability
Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through = 1.1.53...
CVE-2026-25462 WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through = 3.1.3...
CVE-2026-25460 WordPress Ave Core plugin <= 2.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through = 2.9.1...
CVE-2026-25469
CVE-2026-25469 concerns ViaBill – WooCommerce (viabill-woocommerce) up to version 1.1.53, with a Missing Authorization vulnerability that allows unauthenticated changes to settings. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, base score 6.5 (Medium). The Wordfence report lists Mis...
CVE-2026-25469 WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability
Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill WooCommerce: from n/a through = 1.1.53...
CVE-2026-25462 WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through = 3.1.3...
CVE-2026-25456 WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through = 5.1....
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
CVE-2026-25455
CVE-2026-25455 is a Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce (woocommerce-products-slider). Affected versions cover Product Slider for WooCommerce up to 1.13.61. The issue arises from incorrectly configured access control, enabling unauthorized access to a...
CVE-2026-25456
CVE-2026-25456 (A2Z FedEx shipping plugin for WordPress, a2z-fedex-shipping) is a Missing Authorization vulnerability affecting Automated FedEx live/manual rates with shipping labels up to version 5.1.8. Reported with CVSS v3.1 base score 7.5 (Network, High confidentiality impact, No availability...
CVE-2026-25454
CVE-2026-25454 is a Missing Authorization vulnerability affecting The League WordPress Theme (the-league) up to version 4.4.1. The initial description notes Missing Authorization with an impact described as an access-control misconfiguration, affecting The League from not applicable to <= 4.4....
CVE-2026-25456 WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through = 5.1....
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
CVE-2026-25437
CVE-2026-25437 describes a Missing Authorization vulnerability in the GZSEO (WordPress plugin) until version 2.0.14. The description notes an exploit of incorrectly configured access control/security levels, but the provided documents do not specify the root cause in technical terms, affected fil...