21408 matches found
PT-2026-4188
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through = 4.11.63...
PT-2026-4048
Name of the Vulnerable Software and Affected Versions renatoatshown Shown Connector versions through 1.2.10 Description An authorization issue exists in renatoatshown Shown Connector shown-connector. The issue involves incorrectly configured access control security levels, potentially allowing...
PT-2026-4245
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through 1.7.5...
PT-2026-4269
Missing Authorization vulnerability in Element Invader Element Invader Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader Template Kits for Elementor: from n/a through = 1.2.4...
PT-2026-4249
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through = 4.4.9...
PT-2026-4059
Name of the Vulnerable Software and Affected Versions Onepay Payment Gateway For WooCommerce versions n/a through 1.1.2 Description The Onepay Payment Gateway For WooCommerce software contains a missing authorization issue. This allows exploitation due to incorrectly configured access control...
PT-2026-4045
Name of the Vulnerable Software and Affected Versions e-plugins Lawyer Directory versions through 1.3.3 Description An authorization issue exists in e-plugins Lawyer Directory, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update e-plugins...
PT-2026-4261
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through = 1.8.16...
PT-2026-4253
Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through = 10.2.4...
PT-2026-4075
Name of the Vulnerable Software and Affected Versions Easy Property Listings versions through 3.5.17 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for potential exploitation of the system...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via improper validation of OIDC token claims after processing through CEL expressions. An attacker can gain unauthorized operator-level read access and perform actions such as suspend, resume, or reconcile by...
WordPress NotificationX plugin <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset vulnerability
Missing Authorization to Authenticated Contributor+ Analytics Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin NotificationX versions = 3.1.11...
WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update vulnerability
WordPress Creator LMS - The LMS for Creators, Coaches, and Trainers plugin = 1.1.12 - Missing Authorization to Authenticated Contributor+ Arbitrary Options Update vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Creator LMS versions = 1.1.12...
EUVD-2026-3318
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion...
CVE-2026-0554 NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset
The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2026-0554
CVE-2026-0554 pertains to the NotificationX WordPress plugin (versions up to 3.1.11) and describes a missing capability check on the REST endpoints /wp-json/notificationx/v1/campaigns/{campaign_id}/regenerate and /wp-json/notificationx/v1/campaigns/{campaign_id}/reset. This allows authenticated u...
CVE-2025-15347 Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the getitemspermissionscheck function in all versions up to, and including, 1.1.12. This...
MiracleLinux 7 : rh-postgresql12-postgresql-12.4-1.0.1.el7.AXS7 (AXSA:2020-947:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-947:01 advisory. postgresql: Uncontrolled search path element in logical replication CVE-2020-14349 postgresql: Uncontrolled search path element in CREATE EXTENSION...