Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49375 | | | 2026-01-26 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HomeLancer: from n/a through <= 1.0.1.
|
|||||
| CVE-2026-24566 | | | 2026-01-26 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iNET Webkit: from n/a through <= 1.2.4.
|
|||||
| CVE-2025-69193 | | | 2026-01-26 | N/A | 7.3 HIGH |
|
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.4.
|
|||||
| CVE-2025-69192 | | | 2026-01-26 | N/A | 7.3 HIGH |
|
Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Pro: from n/a through <= 2.1.5.
|
|||||
| CVE-2025-69191 | | | 2026-01-26 | N/A | 7.3 HIGH |
|
Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingHub: from n/a through <= 1.2.7.
|
|||||
| CVE-2026-24567 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Anything Order by Terms: from n/a through <= 1.4.0.
|
|||||
| CVE-2026-22445 | | | 2026-01-26 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apimo Connector: from n/a through <= 2.6.4.
|
|||||
| CVE-2026-24583 | | | 2026-01-26 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9.
|
|||||
| CVE-2026-24581 | | | 2026-01-26 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5.
|
|||||
| CVE-2026-24580 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.
|
|||||
| CVE-2026-24579 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.
|
|||||
| CVE-2026-24578 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin login URL Change: from n/a through <= 1.1.5.
|
|||||
| CVE-2026-24571 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.
|
|||||
| CVE-2026-24570 | | | 2026-01-26 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Edwiser Bridge: from n/a through <= 4.3.2.
|
|||||
| CVE-2026-24569 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library File Size: from n/a through <= 1.6.7.
|
|||||
| CVE-2026-24568 | | | 2026-01-26 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through <= 11.0.0.
|
|||||
| CVE-2026-24556 | | | 2026-01-26 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementCamp: from n/a through <= 2.3.2.
|
|||||
| CVE-2026-24535 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7.
|
|||||
| CVE-2026-22466 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP MapIt: from n/a through <= 3.0.3.
|
|||||
| CVE-2026-24551 | | | 2026-01-26 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.
|
|||||
| CVE-2026-24380 | | | 2026-01-26 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through <= 4.2.8.0.
|
|||||
| CVE-2026-24371 | | | 2026-01-26 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BA Book Everything: from n/a through <= 1.8.16.
|
|||||
| CVE-2026-24368 | | | 2026-01-26 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Grid: from n/a through < 2.8.0.
|
|||||
| CVE-2026-24358 | | | 2026-01-26 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 10.3.3.
|
|||||
| CVE-2026-24357 | | | 2026-01-26 | N/A | 8.1 HIGH |
|
Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Recipe Maker: from n/a through <= 10.2.4.
|
|||||
| CVE-2026-24356 | | | 2026-01-26 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetGenie: from n/a through <= 4.3.0.
|
|||||
| CVE-2026-24353 | | | 2026-01-26 | N/A | 8.1 HIGH |
|
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Registration: from n/a through <= 4.4.9.
|
|||||
| CVE-2026-23974 | | | 2026-01-26 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Golo: from n/a through < 1.7.5.
|
|||||
| CVE-2026-22472 | | | 2026-01-26 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form Builder: from n/a through <= 3.9.6.
|
|||||
| CVE-2025-52950 | 1 Juniper | 1 Security Director | 2026-01-26 | N/A | 9.6 CRITICAL |
|
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.
Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain ...
|
|||||
| CVE-2026-24563 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through <= 2.1.3.
|
|||||
| CVE-2026-23477 | 1 Rocket.chat | 1 Rocket.chat | 2026-01-26 | N/A | 7.7 HIGH |
|
Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0.
|
|||||
| CVE-2024-39650 | 1 Wpwebelite | 1 Woocommerce Pdf Vouchers | 2026-01-26 | N/A | 7.3 HIGH |
|
Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WooCommerce PDF Vouchers: from n/a through 4.9.4.
|
|||||
| CVE-2024-43274 | 1 Joomsky | 1 Js Help Desk | 2026-01-26 | N/A | 5.8 MEDIUM |
|
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6.
|
|||||
| CVE-2026-24522 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscribe: from n/a through <= 1.2.16.
|
|||||
| CVE-2025-12519 | 1 Centreon | 1 Centreon Web | 2026-01-26 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19.
|
|||||
| CVE-2025-12168 | | | 2026-01-26 | N/A | 4.3 MEDIUM |
|
The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete log files.
|
|||||
| CVE-2025-14463 | | | 2026-01-26 | N/A | 5.3 MEDIUM |
|
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint (`wppaypalcheckout_ajax_process_order`) that processes checkout results without any authentication or server-side verification of the PayPal transaction. This makes it possible for unauthenticated attackers to create arbitrary orders on the site with any chosen transaction ID, payment status, prod ...
|
|||||
| CVE-2025-14029 | | | 2026-01-26 | N/A | 5.3 MEDIUM |
|
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event_approval() function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via the 'eventlist' parameter.
|
|||||
| CVE-2025-14450 | | | 2026-01-26 | N/A | 6.5 MEDIUM |
|
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to manipulate wallet withdrawal requests and arbitrarily increase their wallet balance or decrease other users' balances.
|
|||||