21394 matches found
WordPress Mega Store Woocommerce plugin <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Page Creation and Settings Change vulnerability discovered by bugzy in WordPress Theme Mega Store Woocommerce versions <= 5.9...
WordPress Breadcrumb NavXT plugin <= 7.5.0 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by NosleeP++ in WordPress Plugin Breadcrumb NavXT versions <= 7.5.0...
WordPress CTX Feed - WooCommerce Product Feed Manager plugin <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation vulnerability
WordPress CTX Feed - WooCommerce Product Feed Manager plugin <= 6.6.11 - Missing Authorization to Authenticated Shop Manager+ Arbitrary Plugin Installation vulnerability discovered by DityaRA in WordPress Plugin CTX Feed versions <= 6.6.11...
WordPress ACF Photo Gallery Field plugin <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Attachment Metadata Modification vulnerability discovered by Rafshanzani Suhada in WordPress Plugin ACF Photo Gallery Field versions <= 3.0...
WordPress Mesmerize Companion plugin <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization Authenticated Subscriber+ Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Mesmerize Companion versions <= 1.6.158...
CVE-2026-1355
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2026-1355 Missing Authorization Check in GitHub Enterprise Server Allows Unauthorized Uploads to Repository Migration Exports
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...
CVE-2022-41650
Missing Authorization vulnerability in Paul Custom Content by Country by Shield Security custom-content-by-country. This issue affects Custom Content by Country by Shield Security: from n/a through 3.1.2...
CVE-2024-31118
Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Project & Document Manager: from n/a through 4.70...
CVE-2026-1942 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2scurationdraft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies...
CVE-2026-1656 Business Directory Plugin <= 6.4.20 - Missing Authorization to Unauthenticated Arbitrary Listing Modification
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email...
CVE-2026-1831 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation
The YayMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized plugin installation and activation due to missing capability checks on the 'yaymailinstallyaysmtp' AJAX action and /yaymail/v1/addons/activate REST endpoint in all versions up to, and including, 4.3.2...
CVE-2026-1655
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled event_id parameter and updating the correspondi...
CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...
CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled event_id parameter and updating the correspondi...
CVE-2026-1938
The YayMail – WooCommerce Email Customizer for WordPress is affected by CVE-2026-1938: versions up to 4.3.2 expose the REST endpoint /yaymail-license/v1/license/delete without proper authorization, enabling authenticated attackers (Shop Manager level and higher) to delete the plugin license key i...
CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...