CVE-2026-24951

CVE-2026-24951 refers to a Missing Authorization / Broken Access Control in the WordPress myCred plugin, affecting versions up to 2.9.7.3. The root cause is incorrectly configured access control levels. Impact is described as a partial or limited integrity risk with no explicit exploitation detai...

CVE-2026-24940

CVE-2026-24940 concerns the WordPress Travelfic Toolkit plugin (travelfic-toolkit) with versions up to and including 1.3.3. The issue is described as Missing Authorization due to incorrectly configured access control security levels, effectively a broken access control vulnerability. The Red Hat,...

CVE-2026-24940 WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

CVE-2026-24939 WordPress Modula Image Gallery plugin <= 2.13.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through = 2.13.6...

CVE-2026-24939

Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Gallery: from n/a through = 2.13.6...

CVE-2026-24940 WordPress Travelfic Toolkit plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

CVE-2026-24940

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

EUVD-2026-5188

Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n/a through = 1.3.3...

CVE-2026-24939

CVE-2026-24939 affects the WordPress plugin Modula Image Gallery (modula-best-grid-gallery) up to and including version 2.13.6. The issue is described as a broken/incorrectly configured access control that may allow unauthorized access due to Missing Authorization. Public sources (PatchStack, Red...

WordPress Royal Elementor Kit plugin <= 1.0.116 - Missing Authorization to Arbitrary Transient Update vulnerability

Missing Authorization to Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Theme Royal Elementor Kit versions = 1.0.116...

WordPress Schema App Structured Data plugin <= 2.2.0 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Francesco Carlucci in WordPress Plugin Schema App Structured Data versions = 2.2.0...

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via restorerecords vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export vulnerability

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin = 3.4.1 - Missing Authorization to Authenticated Subscriber+ Event Export vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.1...

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin = 8.5.6 - Missing Authorization via setstarred vulnerability discovered by Francesco Carlucci in WordPress Plugin NEX-Forms versions = 8.5.6...

WordPress Redirects plugin <= 1.2.1 - Missing Authorization via save vulnerability

Missing Authorization via save vulnerability discovered by Francesco Carlucci in WordPress Plugin Redirects versions = 1.2.1...

WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability

Missing Authorization to Unauthenticated Arbitrary Resume Download vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...

WordPress WP Job Portal plugin <= 2.2.2 - Missing Authorization to Limited Privilege Escalation vulnerability

Missing Authorization to Limited Privilege Escalation vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin WP Job Portal versions = 2.2.2...

EUVD-2026-5275

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

CVE-2026-1371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...

WordPress WP Courses LMS plugin <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary User Meta Update vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP Courses LMS versions = 3.2.21...