Skip to main content
CVE-2026-24593 MEDIUM This Month

Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin contains a security vulnerability (CVSS 5.3).

WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24589 MEDIUM This Month

Cargus eCommerce versions 1.5.8 and earlier expose sensitive data in outbound communications due to improper information handling, allowing remote unauthenticated attackers to retrieve embedded sensitive information. The vulnerability requires no user interaction and carries a CVSS score of 5.3, though no patch is currently available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24562 MEDIUM This Month

The Ryviu product reviews plugin for WordPress versions 3.1.26 and earlier contains an authorization bypass vulnerability that allows unauthenticated attackers to modify data due to improperly configured access controls. This could enable attackers to manipulate product reviews or other protected functionality without proper authentication. No patch is currently available for this vulnerability.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24539 MEDIUM This Month

ABCdatos Protección de datos – RGPD plugin version 0.68 and earlier contains a missing authorization vulnerability that allows unauthenticated remote attackers to bypass access controls and gain unauthorized information disclosure. The misconfigured access control security levels permit exploitation without authentication or user interaction, affecting all users of the vulnerable plugin versions. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24530 MEDIUM This Month

sheepfish WebP Conversion version 2.1 and earlier contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability affects the webp-conversion component and has a low exploitability score with no patch currently available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24529 MEDIUM This Month

Alejandro Quick Restaurant Reservations quick-restaurant-reservations is affected by missing authorization (CVSS 5.3).

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24525 MEDIUM This Month

CloudPanel CLP Varnish Cache versions 1.0.2 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to modify cache content through improperly configured access controls. This could enable cache poisoning attacks or manipulation of cached responses affecting all users accessing the affected service.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-2204 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026. [CVSS 4.7 MEDIUM]

XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-22986 MEDIUM PATCH This Month

A race condition in the Linux kernel's gpiolib subsystem allows local attackers with privileges to cause a kernel crash by exploiting unprotected access to uninitialized SRCU synchronization structures during concurrent gpiochip driver initialization. An attacker can trigger this vulnerability by causing multiple drivers to call gpiochip_add_data_with_key() simultaneously, resulting in a kernel page fault and denial of service.

Linux Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-22275 MEDIUM This Month

Elastic Cloud Storage versions up to 3.8.1.7 is affected by inclusion of sensitive information in source code (CVSS 4.4).

Information Disclosure Objectscale Elastic Cloud Storage
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-24534 MEDIUM This Month

UPress Booter versions up to 1.5.7 contain an authorization bypass in the booter-bots-crawlers-manager component that allows authenticated users to exploit misconfigured access controls and gain unauthorized administrative capabilities. An attacker with low-privilege credentials could achieve complete compromise of the application, including confidentiality, integrity, and availability violations. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-24541 MEDIUM This Month

Download After Email versions 2.1.9 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to bypass access control restrictions and gain unauthorized access to sensitive functionality. The vulnerability stems from improper validation of user permissions, enabling attackers on the network to read restricted information without authentication. No patch is currently available for this issue.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24564 MEDIUM This Month

Improper HTML tag sanitization in Israpil Textmetrics webtexttool versions up to 3.6.3 enables stored XSS attacks that allow authenticated users with high privileges to inject malicious scripts and compromise data confidentiality and integrity. An attacker with administrative access could inject code through web forms that executes in other users' browsers, potentially leading to session hijacking or credential theft. No patch is currently available for affected industrial deployments.

XSS
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24524 MEDIUM This Month

Essekia Tablesome versions up to 1.1.35.2 contain an authorization bypass vulnerability that allows authenticated attackers to access or modify resources they should not have permission to reach due to misconfigured access controls. The vulnerability requires low attack complexity and network access, potentially exposing sensitive data and allowing unauthorized modifications without authentication bypass. A patch is not currently available, leaving affected users vulnerable to exploitation by authenticated users.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24553 MEDIUM This Month

Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers contains a security vulnerability (CVSS 4.3).

WordPress Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24636 MEDIUM This Month

Improper access control in Sugar Calendar (Lite) through version 3.10.1 enables authenticated users to access calendar data and functionality beyond their authorized permission level. An attacker with valid login credentials can exploit misconfigured access controls to view sensitive information from other users' calendars. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24627 MEDIUM This Month

The Trusona WordPress plugin version 2.0.0 and earlier contains an authorization bypass that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized information disclosure. An attacker with valid WordPress credentials could leverage this vulnerability to access sensitive data they should not have permission to view. No patch is currently available for this vulnerability.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24580 MEDIUM This Month

Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24579 MEDIUM This Month

WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24578 MEDIUM This Month

Jahid Hasan Admin login URL Change admin-login-url-change is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24571 MEDIUM This Month

Improper access control in BOX NOW Delivery versions up to 3.0.2 enables authenticated attackers to read sensitive information by bypassing authorization checks. An attacker with valid credentials could exploit misconfigured security levels to access data they are not authorized to view, resulting in confidential information disclosure.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24569 MEDIUM This Month

Sully Media Library File Size media-library-file-size is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24567 MEDIUM This Month

briarinc Anything Order by Terms anything-order-by-terms is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24563 MEDIUM This Month

LifePress through version 2.1.3 contains an authorization bypass that allows authenticated users to access resources beyond their assigned permission levels. An attacker with valid credentials can exploit misconfigured access controls to read sensitive information they should not have access to. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24544 MEDIUM This Month

Harmonic Design HD Quiz versions up to 2.0.9 contain an access control vulnerability that allows authenticated users to read sensitive information by exploiting misconfigured security levels. An attacker with valid credentials can bypass authorization checks to access data they should not have permission to view. No patch is currently available for this issue.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24543 MEDIUM This Month

Horea Radu Materialis Companion materialis-companion is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24535 MEDIUM This Month

webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24522 MEDIUM This Month

Insufficient access control in MyThemeShop WP Subscribe plugin through version 1.2.16 allows authenticated attackers to bypass authorization checks and gain unauthorized access to sensitive information. An attacker with a user account can exploit misconfigured security levels to view data they should not have permission to access. No patch is currently available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24521 MEDIUM This Month

Timur Kamaev Kama Thumbnail kama-thumbnail is affected by cross-site request forgery (csrf) (CVSS 4.3).

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-46699 MEDIUM This Month

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. [CVSS 4.3 MEDIUM]

Information Disclosure Data Protection Advisor
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24532 MEDIUM This Month

Incorrect access control in SiteLock Security plugin versions up to 5.0.2 for WordPress allows authenticated users to modify content they should not have permission to access. An attacker with login credentials could exploit misconfigured security levels to bypass authorization checks and alter website data. No patch is currently available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13921 MEDIUM This Month

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. [CVSS 4.3 MEDIUM]

WordPress AI / ML PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24605 MEDIUM This Month

Inadequate access control in X Addons for Elementor up to version 1.0.23 permits authenticated users to bypass authorization checks and access restricted functionality. An attacker with valid credentials can exploit misconfigured security levels to gain unauthorized access to sensitive features or data. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24598 MEDIUM This Month

bestwebsoft Multilanguage by BestWebSoft multilanguage is affected by missing authorization (CVSS 4.3).

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24588 MEDIUM This Month

Authenticated users can bypass access controls in topdevs Smart Product Viewer through version 1.5.4 to access resources they should not have permission to view. This missing authorization check allows low-privileged attackers to gain unauthorized read access to sensitive information without requiring any user interaction. No patch is currently available for this vulnerability.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24596 MEDIUM This Month

marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails is affected by cross-site request forgery (csrf) (CVSS 4.7).

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24549 MEDIUM This Month

GeoDirectory versions before 2.8.150 are vulnerable to cross-site request forgery attacks that could allow an attacker to perform unauthorized actions on behalf of authenticated users. The vulnerability requires user interaction to exploit and can result in integrity violations, though no patch is currently available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24542 MEDIUM This Month

John James Jacoby WP Term Order wp-term-order is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy