CVE-2026-1932

CVE-2026-1932 affects the WordPress plugin “Appointment Booking Calendar Plugin – Bookr”. The root cause is a missing capability check on the update-appointment REST endpoint, allowing unauthenticated modification of appointment status. Affected versions are all up to 1.0.2 (inclusive). The conse...

CVE-2026-0692

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.4.0. This is due to the plugin relying on WooCommerce's WCGeolocation::getipaddress function to validate IPN requests, which trusts user-controllable...

CVE-2026-0692 BlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.4.0. This is due to the plugin relying on WooCommerce's WCGeolocation::getipaddress function to validate IPN requests, which trusts user-controllable...

CVE-2025-14067

The CVE-2025-14067 entry concerns the WordPress plugin Easy Form Builder (

PT-2026-8072

The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimp campaigns manager disconnect app function that is hooked to the AJAX action of the same name. This makes it...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the admin/login process. An attacker can gain unauthorized access to administrative backend functionality by leveraging insufficient role-based access control checks during authentication. This is only...

WordPress Accordion and Accordion Slider plugin <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Attachment Metadata Modification vulnerability

Missing Authorization to Authenticated Contributor+ Attachment Metadata Modification vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Accordion and Accordion Slider versions = 1.4.5...

WordPress Easy Form Builder plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Response Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Response Data Exposure vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Easy Form Builder versions = 3.9.3...

SAP NetWeaver AS ABAP Missing Authorization Check (3674774)

The version of SAP NetWeaver Application Server ABAP detected on the remote host is affected by a missing authorization check vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server ABAP and ABAP Platform is affected by a missing authorization...

SAP NetWeaver AS ABAP and S/4HANA Missing Authorization Check (3672622)

The version of SAP NetWeaver Application Server ABAP and SAP S/4HANA detected on the remote host is affected by a missing authorization check vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server ABAP and SAP S/4HANA is affected by a missing...

WordPress FastDup - Fastest WordPress Migration & Duplicator plugin <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download vulnerability

WordPress FastDup - Fastest WordPress Migration & Duplicator plugin = 2.7.1 - Missing Authorization to Authenticated Contributor+ Backup Creation and Download vulnerability discovered by WordFence in WordPress Plugin FastDup versions = 2.7.1...

CVE-2026-1104 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

CVE-2026-1671

The CVE concerns the WordPress Activity Log plugin for WordPress. A missing capability check in winter_activity_log_action() affects all versions up to and including 1.2.8, allowing authenticated users with Subscriber-level access or higher to view potentially sensitive data stored in exposed log...

CVE-2026-1671 Activity Log for WordPress <= 1.2.8 - Missing Authorization to Sensitive Information Exposure via Log File

The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winteractivitylogaction function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access...

CVE-2026-1537

CVE-2026-1537 pertains to the WordPress plugin LatePoint – Calendar Booking Plugin for Appointments and Events. The vulnerability is an missing authorization to booking details exposure in all versions up to and including 5.2.6, enabling unauthenticated attackers to view sensitive booking data (c...

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin <= 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability

WordPress LatePoint - Calendar Booking Plugin for Appointments and Events plugin = 5.2.6 - Missing Authorization to Booking Details Exposure vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin LatePoint versions = 5.2.6...

CVE-2026-25633 Statamic's missing authorization allows access to assets

Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...

CVE-2026-21743

A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotecte...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing authorization that allows access to assets. An attacker can access and download sensitive files and view their metadata by sending requests as an authenticated user without the necessary permission...

GHSA-GWMX-9GCJ-332H Statamic CMS's missing authorization allows access to assets

Impact Users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. Patches This has been fixed in 5.73.6 and 6.2.5...