CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.4CVSS5.9AI score0.00245EPSS

CVE-2026-24362 WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

6.5CVSS5.8AI score0.00311EPSS

CVE-2026-24364 WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

Cvelist•added 2026/03/25 4:14 p.m.•25 views

CVE-2026-24369 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...

7.1CVSS0.00307EPSS

Vulnrichment•added 2026/03/25 4:14 p.m.•0 views

CVE-2026-23972 WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.0...

6.5CVSS5.8AI score0.00305EPSS

7.5CVSS5.8AI score0.00366EPSS

CVE-2026-23977 WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through = 2.1.2...

Cvelist•added 2026/03/25 4:14 p.m.•26 views

CVE-2026-23972 WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

6.5CVSS0.00305EPSS

CVE•added 2026/03/25 4:14 p.m.•5 views

CVE-2026-23972

CVE-2026-23972 affects the WordPress plugin Booking and Rental Manager for WooCommerce (magepeopleteam). The vulnerability is a Missing Authorization / Broken Access Control issue caused by incorrectly configured access control security levels, potentially allowing unauthorized access to function...

6.5CVSS5.8AI score0.00305EPSS

7.5CVSS5.9AI score0.00353EPSS

CVE-2026-23806 WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through = 2.8...

Cvelist•added 2026/03/25 4:14 p.m.•23 views

CVE-2026-23806 WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

7.5CVSS0.00353EPSS

Cvelist•added 2026/03/25 4:14 p.m.•29 views

CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.6.0...

7.5CVSS0.00314EPSS

Cvelist•added 2026/03/25 4:14 p.m.•25 views

CVE-2026-22485 WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability

Missing Authorization vulnerability in Ruhul Amin My Album Gallery my-album-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Album Gallery: from n/a through = 1.0.4...

6.5CVSS0.00302EPSS

6.5CVSS5.8AI score0.00302EPSS

CVE-2026-22485 WordPress My Album Gallery plugin <= 1.0.4 - Arbitrary File Deletion vulnerability

Vulnrichment•added 2026/03/25 4:14 p.m.•2 views

CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability

7.5CVSS5.8AI score0.00314EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•4 views

PT-2026-28009

Name of the Vulnerable Software and Affected Versions WP Terms Popup versions through 2.10.0 Description An authorization issue exists in WP Terms Popup. The issue involves exploiting incorrectly configured access control security levels. Recommendations Update WP Terms Popup to a version later...

7.5CVSS5.9AI score0.00287EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•3 views

PT-2026-28003

Name of the Vulnerable Software and Affected Versions bPlugins B Blocks versions prior to 2.0.30 Description An authorization issue exists in bPlugins B Blocks that allows exploitation of incorrectly configured access control security levels. Recommendations Update bPlugins B Blocks to version...

6.5CVSS5.9AI score0.00235EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•5 views

PT-2026-27897

Name of the Vulnerable Software and Affected Versions PublishPress Authors versions through 4.10.1 Description A missing authorization flaw exists in PublishPress Authors. This issue allows exploitation of incorrectly configured access control security levels. Recommendations Update PublishPress...

7.5CVSS5.9AI score0.00287EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•5 views

PT-2026-27849

Name of the Vulnerable Software and Affected Versions bdthemes Ultimate Post Kit versions through 4.0.21 Description An authorization issue exists in bdthemes Ultimate Post Kit, allowing exploitation due to incorrectly configured access control security levels. The issue impacts the...

6.4CVSS5.9AI score0.00245EPSS