CVE-2026-24965

Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contest Gallery: from n/a through = 28.1.1...

CVE-2026-24939

Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through = 2.13.6...

CVE-2026-24940

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

CVE-2026-24945

Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through = 3.5.34...

CVE-2026-24947

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.5.6.3...

WordPress Categorify plugin <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory vulnerability

Missing Authorization in categorifyAjaxAddCategory vulnerability discovered by Francesco Carlucci in WordPress Plugin Categorify versions = 1.0.7.4...

WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles vulnerability

Missing Authorization via bulkUpdatePostTitles vulnerability discovered by Francesco Carlucci in WordPress Plugin Bulk Edit Post Titles versions = 5.0.0...

CVE-2026-25028

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25036

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through = 4.2.25...

CVE-2026-25028 WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25036 WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through = 4.2.25...

CVE-2026-25028 WordPress ElementInvader Addons for Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25036 WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through = 4.2.25...

CVE-2026-25028

CVE-2026-25028 affects WordPress plugin ElementInvader Addons for Elementor (versions up to and including 1.4.1). The root cause is missing authorization due to incorrectly configured access control security levels, enabling unauthorized access. Vulnerable component: ElementInvader Addons for Ele...

CVE-2026-25036

CVE-2026-25036 describes a Missing Authorization / Broken Access Control in the WP Chill Passster content-protector plugin (Passster) affecting versions up to and including 4.2.25. Exploitation context is not detailed in the provided documents, but multiple sources confirm an authorization/config...

EUVD-2026-5310

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through = 4.2.25...

EUVD-2026-5311

Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.1...

CVE-2026-25021 WordPress Mizan Demo Importer plugin <= 0.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mizan Demo Importer: from n/a through = 0.1.3...

CVE-2026-25021

Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mizan Demo Importer: from n/a through = 0.1.3...

CVE-2026-25021

The CVE-2026-25021 affects the WordPress Mizan Demo Importer plugin (mizan-demo-importer). Affected versions are up to and including 0.1.3. The issue is a Missing Authorization / Broken Access Control vulnerability in the mizan-demo-importer component, allowing exploitation through incorrectly co...