CVE-2026-27393 WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

EUVD-2026-31248

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

PT-2026-42491

Name of the Vulnerable Software and Affected Versions VillaTheme HAPPY versions prior to 1.0.11 Description A missing authorization issue in VillaTheme HAPPY allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to version 1.0.11 or later...

PT-2026-42434

Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...

PT-2026-42546

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description Missing authorization in the 'bulk user assignment.php' endpoint allows an authenticated user with access to the bulk user assignment dashboard page to perform privilege escalation to the...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the POST /wikis/wikiName endpoint. An attacker can create or update documents in the target wiki by sending unauthenticated requests to the affected REST endpoint. Remediation Upgrade...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the OCI validator process when upstream rate limits are encountered. An attacker can bypass intended ownership restrictions by exploiting the lack of proper checks during rate-limited conditions. Remediation...

Missing Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...

Missing Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...

CVE-2026-45443

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

CVE-2026-27405

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

CVE-2026-27424

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...

CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

CVE-2026-27405 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

CVE-2026-27405

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...

CVE-2026-27405

CVE-2026-27405 concerns the WordPress plugin WpBookingly (Magepeople Inc.) up to version 1.2.9, where a Missing Authorization vulnerability enables broken access control. The issue affects WpBookingly 1.2.9 and earlier, with CVSS v3.1 base score 6.5 (Medium) and an attack vector over network. The...

CVE-2026-27424 WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...

CVE-2026-27424

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...

CVE-2026-27424

CVE-2026-27424 affects the WordPress plugin Image Photo Gallery Final Tiles Grid (Final Tiles Grid Gallery Lite) up to version 3.6.11. The issue is a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels. The CVSS 3.1 base score i...

CVE-2026-27424 WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...