CVE-2026-3550

CVE-2026-3550 – RockPress (WordPress) vulnerability : RockPress

CVE-2026-3550

The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...

WordPress RockPress plugin <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Modification via AJAX Actions vulnerability discovered by Poli - CMC Global in WordPress Plugin RockPress versions = 1.0.17...

CVE-2026-32817 Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIE...

PT-2026-26591

The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpress import, rockpress import status, rockpress last import, rockpress reset import, and rockpress check...

CVE-2026-32818 Admidio is Missing Authorization on Forum Topic and Post Deletion

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topicdelete and postdelete actions in forum.php only validate the CSRF token but perfo...

EUVD-2026-13143

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

CVE-2026-26939

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

CVE-2026-26939

CVE-2026-26939 affects Kibana’s server-side Detection Rule Management. Missing Authorization (CWE-862) could allow an authenticated attacker with rule management privileges to configure Unauthorized Endpoint Response Actions (host isolation, process termination, process suspension). Root cause an...

Missing Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Missing Authorization in the Detection Rule Management. An attacker can perform unauthorized system actions, such as host isolatio...

CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

EUVD-2026-13081

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3...

EUVD-2026-13061

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.2.8.3...

EUVD-2026-13067

Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through 3.5.09...

CVE-2026-25443

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through = 2.3.3...

CVE-2026-25443

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3...

CVE-2026-25443 WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fraud Prevention For Woocommerce: from n/a through 2.3.3...

CVE-2026-25312

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.8.3...

CVE-2026-25312 WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.8.3...