224 matches found
EUVD-2026-37637
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions...
EUVD-2026-37641
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions...
EUVD-2026-37674
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions...
EUVD-2025-210222
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions...
CVE-2026-54196
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions...
CVE-2026-39546
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions...
CVE-2025-59563
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions...
CVE-2026-54805
The CVE covers the WordPress plugin Falang multilanguage (vulnerable:
CVE-2025-69138 WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions...
CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions...
CVE-2026-48889
Subscriber Privilege Escalation in Amelia <= 2.3 versions...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia <= 2.3 versions...
EUVD-2026-36862
Subscriber Privilege Escalation in Amelia <= 2.3 versions...
CVE-2026-48889
The CVE-2026-48889 entry concerns the WordPress Amelia plugin (versions <= 2.3) with a privilege escalation vulnerability affecting subscribers. The attached metrics indicate a high severity (CVSS v3.1 base score 8.8) with network attack vector, low attack complexity, and privileges required a...
PT-2026-49492
Name of the Vulnerable Software and Affected Versions: Amelia versions prior to 2.4. Description: A privilege escalation issue exists where users with Subscriber roles can gain higher privileges. Recommendations: Update to a version later than 2.3...
CVE-2026-5200 AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...
CVE-2026-6566
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
EUVD-2026-31063
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-7648
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...