226 matches found
CVE-2026-56010
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...
EUVD-2026-39686
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...
EUVD-2026-37641
Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...
EUVD-2026-37637
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
EUVD-2026-37674
Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...
EUVD-2025-210222
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
CVE-2026-54196
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
CVE-2026-39546
Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...
CVE-2025-59563
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
CVE-2026-54805
The CVE covers the WordPress plugin Falang multilanguage (vulnerable:
CVE-2025-69138 WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Genemy = 1.6.6 versions...
CVE-2025-59563 WordPress Sonaar theme <= 4.27.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Sonaar = 4.27.4 versions...
CVE-2026-48889
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-48889
The CVE-2026-48889 entry concerns the WordPress Amelia plugin (versions <= 2.3) with a privilege escalation vulnerability affecting subscribers. The attached metrics indicate a high severity (CVSS v3.1 base score 8.8) with network attack vector, low attack complexity, and privileges required a...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia = 2.3 versions...
EUVD-2026-36862
Subscriber Privilege Escalation in Amelia = 2.3 versions...
PT-2026-49492
Name of the Vulnerable Software and Affected Versions Amelia versions prior to 2.4 Description A privilege escalation issue exists where users with Subscriber roles can gain higher privileges. Recommendations Update to a version later than 2.3...
CVE-2026-5200 AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...
CVE-2026-5200 AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...
CVE-2026-6566
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...