21395 matches found

RedhatCVE
added 2026/01/24 3:18 p.m., 6 views

CVE-2026-24615

Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cream Magazine: from n/a through <= 2.1.10...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00176
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:18 p.m., 4 views

CVE-2026-24606

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00295
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 5 views

CVE-2026-24543

Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Materialis Companion: from n/a through <= 1.3.52...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00185
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 4 views

CVE-2026-24578

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin login URL Change: from n/a through <= 1.1.5...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00185
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 6 views

CVE-2026-24569

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library File Size: from n/a through <= 1.6.7...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00185
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 5 views

CVE-2026-24587

Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00265
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 5 views

CVE-2026-24530

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebP Conversion: from n/a through <= 2.2...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00372
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 7 views

CVE-2026-24529

Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00264
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 3 views

CVE-2026-24583

Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00277
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 4 views

CVE-2026-24619

Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00176
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 3 views

CVE-2026-24556

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementCamp: from n/a through <= 2.3.2...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00214
Exploits: 0, References: 1
RedhatCVE
added 2026/01/24 3:17 p.m., 4 views

CVE-2026-24602

Missing Authorization vulnerability in Raptive Raptive Ads adthrive-ads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Raptive Ads: from n/a through <= 3.10.0...

AI score: 5.4, EPSS: 0.00012
Exploits: 0, References: 1
Cvelist
added 2026/01/24 8:26 a.m., 28 views

CVE-2026-0687 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

CVSS: 4.3, EPSS: 0.00193
Exploits: 0, References: 3
NVD
added 2026/01/24 8:16 a.m., 5 views

CVE-2025-14609

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

CVSS: 5.3, EPSS: 0.00314
Exploits: 0, References: 4
Cvelist
added 2026/01/24 7:26 a.m., 34 views

CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

CVSS: 5.3, EPSS: 0.00314
Exploits: 0, References: 4
Cvelist
added 2026/01/24 7:26 a.m., 31 views

CVE-2025-14629 Alchemist Ajax Upload <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion

The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'deletefile' function in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary WordPress media...

CVSS: 5.3, EPSS: 0.00294
Exploits: 0, References: 4
CVE
added 2026/01/24 7:26 a.m., 19 views

CVE-2025-14629

CVE-2025-14629 affects the WordPress plugin Alchemist Ajax Upload. The vulnerability is a missing capability check in the delete_file function, allowing unauthenticated users to delete arbitrary WordPress media attachments in all versions up to and including 1.1. The Wordfence report catalogs th...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00294
Exploits: 0, References: 4
CVE
added 2026/01/24 7:26 a.m., 14 views

CVE-2026-1103

CVE-2026-1103 affects the WordPress AIKTP plugin up to version 5.0.04. The vulnerability arises from missing authorization checks on the /aiktp/getToken REST endpoint, which uses verify_user_logged_in (only confirming login) and does not verify administrative capabilities. As a result, authentica...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00239
Exploits: 0, References: 4
Patchstack
added 2026/01/24 1:20 a.m., 11 views

WordPress AIKTP plugin <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions vulnerability

Missing Authorization to Authenticated Subscriber+ Multiple Administrator Actions vulnerability discovered by Os in WordPress Plugin AIKTP versions <= 5.0.04...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00239
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/01/24 12:39 a.m., 9 views

WordPress Alchemist Ajax Upload plugin <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability discovered by ChamlaVic in WordPress Plugin Alchemist Ajax Upload versions <= 1.1...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00294
Exploits: 0, References: 1, Affected Software: 1