CVE-2026-25312

WordPress EventPrime plugin

CVE-2026-27091

Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through 3.5.09...

CVE-2026-27091 WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerability

Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through = 3.5.09...

CVE-2026-27091 WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerability

Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through = 3.5.09...

CVE-2026-2571 Download Manager <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'reviewUserStatus' function in all versions up to, and including, 3.3.49. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

EUVD-2026-13049

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28070

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28070

The CVE concerns the WordPress WP eMember plugin ≤ v10.2.2, where a Missing Authorization vulnerability enables exploitation of misconfigured access control security levels. Affected component is the WP eMember access control mechanism, with root cause described as broken access control. CVSS 3.1...

CVE-2026-28070

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

CVE-2026-28070 WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2...

PT-2026-26252

CVE-2026-28070 Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMe… https://t.co/cBQ3xQEZIl...

PT-2026-26324

Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspension via CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs. This requires an...

PT-2026-26261

CVE-2026-25312 Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a thro… https://t.co/3ryCxu9GIp...

PT-2026-26275

Name of the Vulnerable Software and Affected Versions Dotstore Fraud Prevention For Woocommerce versions through 2.3.3 Description An authorization issue exists in Dotstore Fraud Prevention For Woocommerce due to incorrectly configured access control security levels. This allows for exploitation ...

PT-2026-26255

CVE-2026-27091 Missing Authorization vulnerability in UiPress UiPress lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: f… https://t.co/NqicZNv1ND...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the field action processing endpoint. An attacker can bypass intended authorization restrictions by submitting crafted requests with attacker-controlled field definitions. Remediation Upgrade statamic/cms to...

Missing Authorization

Overview frigate is an A tool for autogenerating helm documentation. Affected versions of this package are vulnerable to Missing Authorization via the DELETE /api/users/admin endpoint. An attacker can remove privileged user accounts and disrupt service availability by sending crafted requests wit...

EUVD-2026-12812

Missing Authorization vulnerability in WebberZone Contextual Related Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a before 4.2.2...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing capability checks in the clonebulkactionhandler and republishrequest functions. An attacker can duplicate or overwrite posts, including those they should not have access to, by sending crafted reques...

CVE-2026-32565

Missing Authorization vulnerability in Ajay Contextual Related Posts contextual-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contextual Related Posts: from n/a through 4.2.2...