Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27056 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through <= 3.2.8.
|
|||||
| CVE-2026-25348 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.10.15.
|
|||||
| CVE-2026-25338 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4.
|
|||||
| CVE-2026-25336 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through <= 1.1.5.
|
|||||
| CVE-2026-25333 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11.
|
|||||
| CVE-2026-25321 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
|
|||||
| CVE-2026-25314 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.
|
|||||
| CVE-2026-25311 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.
|
|||||
| CVE-2026-25308 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.
|
|||||
| CVE-2026-25003 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1.
|
|||||
| CVE-2026-25000 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.2.0.
|
|||||
| CVE-2026-24999 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through <= 5.16.1.
|
|||||
| CVE-2026-24375 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through <= 3.2.4.
|
|||||
| CVE-2026-23804 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.
|
|||||
| CVE-2026-1355 | 1 Github | 1 Enterprise Server | 2026-02-19 | N/A | 6.5 MEDIUM |
|
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration identifier, an attacker could overwrite or replace a victim’s migration archive, potentially causing victims to download attacker-controlled repository data during migration restores or automated imports. An ...
Show More |
|||||
| CVE-2026-25410 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.
|
|||||
| CVE-2026-25374 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through <= 1.3.2.
|
|||||
| CVE-2026-25367 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7.2.
|
|||||
| CVE-2026-25335 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 5.0.0.
|
|||||
| CVE-2026-25332 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through <= 2.2.9.
|
|||||
| CVE-2026-25320 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.
|
|||||
| CVE-2026-25318 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
|
|||||
| CVE-2026-25419 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.
|
|||||
| CVE-2026-25416 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
|
|||||
| CVE-2026-25409 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through <= 1.1.1.
|
|||||
| CVE-2026-25408 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.
|
|||||
| CVE-2026-25407 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
|
|||||
| CVE-2026-25402 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= 16.011.0.
|
|||||
| CVE-2026-25399 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.
|
|||||
| CVE-2026-25395 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4.
|
|||||
| CVE-2026-25394 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6.
|
|||||
| CVE-2026-25393 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0.6.
|
|||||
| CVE-2026-25391 | 2026-02-19 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07.
|
|||||
| CVE-2026-25386 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.
|
|||||
| CVE-2026-25384 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.
|
|||||
| CVE-2026-25375 | 2026-02-19 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10.
|
|||||
| CVE-2026-25372 | 2026-02-19 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.
|
|||||
| CVE-2026-25368 | 2026-02-19 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1.
|
|||||
| CVE-2026-25242 | 1 Gogs | 1 Gogs | 2026-02-19 | N/A | 9.8 CRITICAL |
|
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the server via /releases/attachments and /issues/attachments. This enables the instance to be abused as a public file host, potentially leading to disk exhaustion, content hosting, or delivery of malware. CSRF tokens do not mitigate this attack due to same-o ...
Show More |
|||||
| CVE-2026-27042 | 2026-02-19 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.
|
|||||