EUVD-2026-12451

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0...

EUVD-2026-12452

Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the BucketsController-actionLoadBucketData endpoint. An attacker can retrieve a list of accessible buckets by sending a request with a valid CSRF token, even without authentication. Remediation Upgrade...

CVE-2026-32587

Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through = 4.2.11...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the channel search API endpoint. An attacker can access information about all public channels within a private team by querying the API after being removed from the team. Remediation Upgrade...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the channel search API endpoint. An attacker can access information about all public channels within a private team by querying the API after being removed from the team. Remediation Upgrade...

Missing Authorization

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Missing Authorization in the invite ID validation process. An attacker can gain unauthorized access to create accounts by using leaked invite IDs...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the invite ID validation process. An attacker can gain unauthorized access to create accounts by using leaked invite IDs during the team creation process. Remediation Upgrade...

CVE-2026-32587 WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through = 4.2.11...

CVE-2026-32587

Missing Authorization vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through = 4.2.11...

CVE-2026-32587 WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP EasyPay: from n/a through 4.2.11...

CVE-2026-32583

CVE-2026-32583 describes a broken access control in the Webnus Webnus Modern Events Calendar (WordPress) where misconfigured access control levels allow bypassing authorization. Affected: Modern Events Calendar

CVE-2026-2461

Mattermost Plugins versions

Missing authorization in the OpenAI thread/message API endpoints of GROWI

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Missing authorization in the OpenAI thread/message API endpoints CWE-862 - CVE-2026-25083 This can be exploited only when an attacker knows a shared AI assistant's identifier Sho Odagiri of GMO Cybersecurity by Ierae, In...

CVE-2025-69727

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

PT-2026-25763

Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0...

CVE-2026-2233 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...

CVE-2026-2233

The CVE CVE-2026-2233 affects the WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration (wp-user-frontend). Multiple sources confirm a missing capability check in the draft_post() function that allows unauthenticated attackers to modi...

CVE-2026-1948

Technical details beyond the Initial Description are not provided in the Connected documents. Monitor for updates.

EUVD-2026-12029

Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through = 2.2.0...