CVE-2026-25315 WordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...

CVE-2026-25311

CVE-2026-25311 relates to the WordPress plugin Autoshare for Twitter (versions up to and including 2.3.1). The root cause is a missing/incorrectly configured authorization mechanism leading to a broken access control vulnerability. The impact is described as enabling actions due to insufficient a...

CVE-2026-25308

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through = 4.6.9...

CVE-2026-25308 WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through = 4.6.9...

CVE-2026-25313 WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through = 6.1.14...

CVE-2026-25311 WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through = 2.3.1...

CVE-2026-25313

Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through = 6.1.14...

CVE-2026-25311

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through = 2.3.1...

CVE-2026-25313 WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through = 6.1.14...

CVE-2026-25308

CVE-2026-25308 affects the WordPress plugin Simple Membership (versions n/a through 4.6.9). The issue is described as Missing Authorization due to incorrectly configured access control security levels, resulting in a Broken Access Control vulnerability. The Red Hat/NVD entries and vulnerability a...

CVE-2026-25313

CVE-2026-25313 relates to the WordPress FluentForm plugin (versions up to 6.1.14). The Red Hat/NVD entries describe a Missing Authorization vulnerability in FluentForm that allows exploitation through incorrectly configured access control security levels. The CVSS 3.1 metrics indicate a network a...

CVE-2026-24999 WordPress Alma plugin <= 5.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through = 5.16.1...

CVE-2026-24999

CVE-2026-24999 concerns WordPress plugin “Alma gateway for WooCommerce” (WordPress Alma plugin

CVE-2026-25003

Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through = 1.2.1...

CVE-2026-25000

Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through = 1.2.0...

CVE-2026-24999

Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through = 5.16.1...

CVE-2026-25003 WordPress Client Portal plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through = 1.2.1...

CVE-2026-24999 WordPress Alma plugin <= 5.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through = 5.16.1...

CVE-2026-25003

CVE-2026-25003 affects the WordPress Client Portal plugin (madalin.ungureanu) for WordPress, with versions up to and including 1.2.1. The issue is a Missing Authorization vulnerability arising from incorrectly configured access control security levels, effectively a broken access control defect. ...

CVE-2026-23804 WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through = 0.1.1...