8772 matches found
EUVD-2026-42787
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
CVE-2026-11818
The CVE concerns the WPCafe WordPress plugin (up to version 3.0.14) where an authorization bypass exists in REST API endpoints. Authenticated users with subscriber-level access and above can perform admin-only actions (list, create, update, delete, clone, bulk-delete) on notification flow workflo...
CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
CVE-2026-11818
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
CVE-2026-5069 Fluent Forms <= 6.2.1 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation via 'subscription_id'
The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'subscriptionid' parameter in versions up to, and including, 6.2.1. This is due to insufficient ownership authorization checks in the payment cancellation AJAX flow. This makes it possible for authenticated...
CVE-2026-57031
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...
WordPress Import and export users and customers plugin <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Tiago Ventura perses in WordPress Plugin Import and export users and customers versions = 2.4.0...
WordPress GW AI Website Builder plugin <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin GW AI Website Builder versions = 1.0.1...
SUSE-SU-2026:2832-1 Security update for rustup
This update for rustup fixes the following issues Security issues: - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243862. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249008. - CVE-2026-41676: openssl: Deriver:derive and...
CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field
The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...
CVE-2026-13492
The CVE-2026-13492 entry concerns the WordPress UsersWP plugin (affected versions up to and including 1.2.65). The vulnerability arises from insufficient validation of file-field values in UsersWP_Validation::validate_fields(), which falls through to sanitize_text_field() for fields of type 'file...
WordPress WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Modification vulnerability discovered by Sushi Com Abacate in WordPress Plugin WPCafe versions = 3.0.14...
WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Subscription Cancellation vulnerability
Incorrect Authorization to Authenticated Subscriber+ Arbitrary Subscription Cancellation vulnerability discovered by Fernando Mecozzi in WordPress Plugin FluentForm versions = 6.2.1...
CVE-2026-9235
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
CVE-2026-9237
The Employee, Leave and Recruitment Management System – Crew HRM plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-9240
The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateShippingMethod function registered to the wpajaxlpcorderaffect AJAX action in versions up to, and including, 2.9.0...
CVE-2026-4298
The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...
CVE-2026-14372
The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...
CVE-2026-9235
The DHL eCommerce (Benelux) for WooCommerce WordPress plugin (up to version 2.2.3) is vulnerable to unauthorized modification and data loss due to missing capability checks and missing nonce verification in create_label() and delete_label(). These functions are tied to wp_ajax_dhlpwc_label_create...
EUVD-2026-42565
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...