21345 matches found
CVE-2026-3225 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the deletequestionanswer function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The...
CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through insufficient authorization checks in the page content retrieval. An attacker can access the contents and attachments of non-public pages by sending unauthorized requests. Remediation Upgrade...
WordPress Hr Press Lite plugin <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Employee Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Employee Information Exposure vulnerability discovered by WordFence in WordPress Plugin Hr Press Lite versions = 1.0.2...
WordPress Canto plugin <= 3.1.1 - Missing Authorization to Unauthenticated File Upload vulnerability
Missing Authorization to Unauthenticated File Upload vulnerability discovered by oddshacker in WordPress Plugin Canto versions = 3.1.1...
WordPress Build App Online plugin <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability
Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action vulnerability discovered by WordFence in WordPress Plugin Build App Online versions = 1.0.23...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of account disablement in the api process. An attacker can regain access to a previously disabled account by bypassing administrator-imposed restrictions. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to insufficient enforcement of account disablement in the api process. An attacker can regain access to a previously disabled account by bypassing administrator-imposed restrictions. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the repo import process. An attacker can access unauthorized server-local private repositories by initiating a clone operation after authenticating. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the repo import process. An attacker can access unauthorized server-local private repositories by initiating a clone operation after authenticating. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of organization scopes in the zitadel process. An attacker can gain unauthorized access to resources or perform actions outside their permitted organization by exploiting this lack of sco...
Missing Authorization
Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of organization scopes in the zitadel process. An attacker can gain unauthorized access to resources ...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of organization scopes in the zitadel process. An attacker can gain unauthorized access to resources or perform actions outside their permitted organization by exploiting this lack of sco...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of organization scopes in the zitadel process. An attacker can gain unauthorized access to resources or perform actions outside their permitted organization by exploiting this lack of sco...
GO-2026-4773 Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk
Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk...
WordPress WP-Chatbot for Messenger plugin <= 4.9 - Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability
Missing Authorization to Unauthenticated Chatbot Configuration Takeover vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin WP-Chatbot for Messenger versions = 4.9...
WordPress RepairBuddy plugin <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Settings Modification via wcrepshopsettingssubmission AJAX Action vulnerability discovered by WordFence in WordPress Plugin RepairBuddy versions = 4.1132...
EUVD-2026-13995
The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The speedup01ajaxenabled function, which handles the wpajaxspeedup01enabled AJAX action, does not perform any capability check via currentusercan and also lacks nonce...
EUVD-2026-14170
The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The saveconfig function, which handles the 'punnelsaveconfig' AJAX action, lacks any capability check currentusercan and nonce verification. This makes it...
EUVD-2026-13988
The Company Posts for LinkedIn plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.0. This is due to a missing capability check on the linkedincompanypostresethandler function hooked to adminpostresetlinkedincompanypost. This makes it possible for...