WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

WordPress Branda - White Label & Branding, Free Login Page Customizer plugin = 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions = 3.4.29...

CVE-2026-27395 WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

PT-2026-50087

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

EUVD-2026-36966

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

EUVD-2026-36968

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

EUVD-2026-36922

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

CVE-2026-49063

Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...

CVE-2026-39583

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

CVE-2026-34901

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

PT-2026-49403

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

PT-2026-49222

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

PT-2026-49367

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

PT-2026-49401

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

CVE-2026-53408

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

WordPress Frontend Admin by DynamiApps plugin <= 3.28.36 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Colin Xu in WordPress Plugin Frontend Admin by DynamiApps versions = 3.28.36...

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation vulnerability

Unauthenticated Missing Authorization to Privilege Escalation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

Unity Linux 20.1070e Security Update: microcode_ctl (UTSA-2026-017785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017785 advisory. Hardware allows activation of test or debug logic at runtime for some IntelR processors which may allow an unauthenticated user to potentially enable escalation of...

WordPress Mentoring plugin <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration vulnerability

Unauthenticated Privilege Escalation in mentoringprocessregistration vulnerability discovered by シルAsuna in WordPress Plugin Mentoring versions = 1.2.8...

Script-for-profile-press-exploit-in-wordpress

CVE-2021-34621 – ProfilePress WP User Avatar Privilege Escal...