21345 matches found
CVE-2026-25309 WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through = 4.10.1...
CVE-2026-25034
Summary: CVE-2026-25034 affects the WordPress plugin KiviCare kivicare-clinic-management-system (Iqonic Design) with a Broken Access Control vulnerability. Affected versions: n/a through 3.6.16. Root cause / detail: Missing/incorrectly configured authorization allows exploitation of access-contro...
CVE-2026-25034 WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through = 3.6.16...
CVE-2026-25034 WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through = 3.6.16...
CVE-2026-25009
CVE-2026-25009 is a Missing Authorization vulnerability in Education Zone WordPress Theme. Affected software: Education Zone versions up to and including 1.3.8 (no details on earlier/other variants provided). Root cause: insufficient access control configuration allowing unauthorized actions on p...
CVE-2026-25009 WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through = 1.3.8...
CVE-2026-25009 WordPress Education Zone theme <= 1.3.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through = 1.3.8...
CVE-2026-25026
CVE-2026-25026 affects the WordPress Plugin Team (RadiusTheme Team tlp-team) with versions n/a through 5.0.11, described as a Missing Authorization / Broken Access Control vulnerability. The underlying issue is improper access-control configuration that could allow exploitation without privileges...
CVE-2026-25026 WordPress Team plugin <= 5.0.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through = 5.0.11...
CVE-2026-24987
CVE-2026-24987 is a Missing Authorization vulnerability in the WordPress Activity Log plugin (winterlock) family, affecting WP System Log versions up to 1.2.7, enabling unauthorized access to logs. CVSS 3.1 base 6.5 (I: High, A: None); exploitation status not detailed in provided documents; monit...
CVE-2026-24987 WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through = 1.2.7...
CVE-2026-24972 WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through = 1.4...
CVE-2026-24376 WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from n/a through = 4.2.1...
CVE-2026-24382
CVE-2026-24382 concerns WordPress theme News Magazine X (versions up to and including 1.2.50). The issue is described as a Missing Authorization vulnerability caused by incorrectly configured access control, allowing unauthorized access on affected pages. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U...
CVE-2026-24369
Summary (CVE-2026-24369) The WordPress The Grid plugin, prior to version 2.8.0, contains a Missing Authorization vulnerability caused by incorrectly configured access control security levels. This is described as a Broken Access Control issue, potentially enabling unauthorized access to protected...
CVE-2026-24362
CVE-2026-24362 is a concrete, vendor-confirmed vulnerability affecting Ultimate Post Kit Addons for Elementor (bdthemes Ultimate Post Kit)
CVE-2026-24363
CVE-2026-24363 is tied to the WordPress plugin WP Cost Estimation & Payment Forms Builder (component: WP_Estimation_Form). The vulnerability arises from incorrectly configured access control security levels in the form component, effectively causing a Missing Authorization/Broken Access Control i...
CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...
CVE-2026-24363 WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WPEstimationForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.3.0...
CVE-2026-24362 WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...