21385 matches found
CVE-2026-27361
CVE-2026-27361 is a missing/broken authorization vulnerability in the WordPress plugin Responsive Posts Carousel Pro (versions up to 15.1). Public data indicates an exploitable misconfiguration of access control, allowing unauthorized access to protected functionality or data. The CVSSv3.1 base s...
CVE-2026-27362
CVE-2026-27362 concerns a missing/broken authorization vulnerability in the WordPress plugin WP Bakery Autoresponder Addon (vc-autoresponder-addon). Affected versions are up to 1.0.6 (
CVE-2026-27344 WordPress inseri core plugin <= 1.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through = 1.0.5...
CVE-2026-27344
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through = 1.0.5...
CVE-2026-27344 WordPress inseri core plugin <= 1.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in inseriswiss inseri core inseri-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects inseri core: from n/a through = 1.0.5...
CVE-2026-27344
CVE-2026-27344 : Missing Authorization vulnerability in the WordPress plugin inseri core (inseri-core) affects versions n/a through
CVE-2026-23799
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799 WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-23799
CVE-2026-23799 is a Missing Authorization / Broken Access Control flaw in Themeum Tutor LMS (Tutor LMS) up to version 3.9.5. CVSSv3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N with base score 6.5 (Medium). Public sources (NVD, Red Hat, CVE List, Patchstack, AttackKB, VulnEnrichment) id...
CVE-2026-23799 WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.5...
CVE-2026-22479
CVE-2026-22479 describes a missing authorization flaw in the WordPress plugin Easy Post Submission (versions up to 2.4.0). The issue is a Broken Access Control vulnerability allowing exploitation of misconfigured access levels, with the CVSSv3.1 base score of 7.5 (HIGH) and an attack vector of NE...
CVE-2026-22459 WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...
CVE-2026-22459 WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...
CVE-2026-22459
CVE-2026-22459 affects the WordPress plugin WP CTA – Call Now Button, Sticky Button & Call to Action Builder (easy-sticky-sidebar). The issue is a Missing Authorization vulnerability due to incorrectly configured access control, allowing exploitation within WordPress CTA versions up to 2.1.2. Wor...
CVE-2025-69340 WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through = 1.0.3...
CVE-2025-69340 WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through = 1.0.3...
CVE-2025-69340
CVE-2025-69340 is a Missing Authorization vulnerability in the WordPress plugin WeDesignTech Ultimate Booking Addon (versions up to 1.0.3). The issue enables improper access control (broken/unauthorized access) with a CVSS v3.1 base score of 7.5 (HIGH) and network attack vector with no user inter...
CVE-2026-2899 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...
CVE-2026-2899 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...
CVE-2026-2899
CVE-2026-2899 affects the Fluent Forms Pro Add On Pack for WordPress up to version 6.1.17. The root cause is Missing Authorization in the Uploader::deleteFile() path, due to lack of nonce verification and capability checks. The AJAX action is registered via addPublicAjaxAction(), creating both wp...