21433 matches found
CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the courseenrollment AJAX handler. This makes it possib...
CVE-2025-13934 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the courseenrollment AJAX handler. This makes it possib...
CVE-2025-14741
CVE-2025-14741 affects Frontend Admin by DynamiApps (WordPress) up to version 3.28.25. The issue is missing authorization for data deletion via the delete_object path, enabling unauthenticated attackers to delete posts, pages, products, taxonomy terms, and user accounts. Wordfence’s coverage conf...
CVE-2025-14741 Frontend Admin by DynamiApps <= 3.28.25 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via 'delete post' Form Element
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the 'deleteobject' function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated...
CVE-2025-13934
CVE-2025-13934 (Tutor LMS for WordPress) : The WordPress Tutor LMS plugin (versions up to 3.9.3) is affected by a missing capability check and purchasability validation in the course_enrollment() AJAX handler, enabling authenticated users with Subscriber+ to enroll in any course outside the prope...
CVE-2025-13628 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulkactionhandler' and 'couponpermanentdelete' functions in all versions up to, and including, 3.9.3. This makes it...
CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...
CVE-2025-14886 Japanized for WooCommerce <= 2.7.17 - Missing Authorization to Unauthenticated Order Status Modification
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the order REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order a...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in zookeeper (CVE-2018-8012, CVE-2019-0201, CVE-2023-44981, CVE-2017-5637)
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in zookeeper CVE-2018-8012, CVE-2019-0201, CVE-2023-44981, CVE-2017-5637. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2018-8012 DESCRIPTION: No authentication/authorization is enforced...
PT-2026-2026
Name of the Vulnerable Software and Affected Versions MediaWiki - CampaignEvents extension versions 1.39 through 1.45 Description A missing authorization flaw exists in the Wikimedia Foundation MediaWiki - CampaignEvents extension, potentially allowing privilege abuse. The issue relates to the...
PT-2026-1753
Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions through 3.28.25 Description The Frontend Admin by DynamiApps plugin for WordPress is affected by a missing authorization check, allowing unauthorized data modification and deletion. Specifically, a missing...
PT-2026-1732
Name of the Vulnerable Software and Affected Versions WP Page Permalink Extension versions prior to 1.5.5 Description The WP Page Permalink Extension plugin for WordPress is susceptible to a missing authorization issue. This occurs because of a lack of authorization checks within the cwpp trigger...
WordPress Tutor LMS - eLearning and online course solution plugin <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass vulnerability
WordPress Tutor LMS - eLearning and online course solution plugin = 3.9.3 - Missing Authorization to Authenticated Subscriber+ Course Enrollment Bypass vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.3...
WordPress Forminator Forms plugin <= 1.49.1 - Missing Authorization to Authenticated (Forminator User+) CSV Export vulnerability
Missing Authorization to Authenticated Forminator User+ CSV Export vulnerability discovered by type5afe in WordPress Plugin Forminator versions = 1.49.1...
GHSA-6JM8-X3G6-R33J Soft Serve is missing an authorization check in LFS lock deletion
LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...
CVE-2026-22522
Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through = 2.2.3...
CVE-2026-22492
Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through = 24.07.04...
CVE-2026-22488
Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder dashboard-welcome-for-beaver-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through = 1.0.8...
CVE-2026-22490
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through = 2.4.9...
CVE-2026-22517
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...