PT-2026-5070

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the miga ajax editor cal delete function that is hooked to the miga editor cal delete AJAX action with both...

PT-2026-5061

The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the image replacement from url function that is hooked to the eri from url AJAX action. This makes it possible for...

PT-2026-5078

The RegistrationMagic plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 6.0.7.4. This is due to missing nonce verification and capability checks on the rm set otp AJAX action handler. This makes it possible for unauthenticated attackers to modify...

WordPress WP Go Maps (formerly WP Google Maps) plugin <= 10.0.04 - Missing Authorization to Authenticated (Subscriber+) Map Engine Setting Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Map Engine Setting Modification vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin WP Go Maps versions = 10.0.04...

CVE-2026-23683 Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)

SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted...

VulnCheck KEV: CVE-2023-32117

Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99...

Dell PowerScale OneFS Unauthorised File Access Vulnerability (DSA-2025-208)

The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by a Unauthorised File Access Vulnerability: - Dell PowerScale OneFS, versions 9.5.0.0 = 9.5.1.2 / 9.7.0.0 = 9.7.1.7 / 9.8.0.0 = 9.10.0.1, contain a missing authorization vulnerability in the NF...

CVE-2026-24636

Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...

CVE-2026-24551

Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through = 1.1.3...

CVE-2026-24577

Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through = 3.8.4.8...

CVE-2026-24607

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through = 1.3.3...

CVE-2026-24595

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through = 1.8.1.9...

CVE-2026-24568

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through = 11.1.0...

CVE-2026-24616

Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through = 2.2.0.5...

CVE-2026-24524

Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through = 1.2.8...

CVE-2026-24522

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through = 1.2.16...

CVE-2026-24540

Missing Authorization vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through = 1.5.6...

CVE-2026-24562

Missing Authorization vulnerability in Ryviu Ryviu - Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu - Product Reviews for WooCommerce: from n/a through = 3.1.26...

CVE-2026-24579

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through = 1.1.9...

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...