Skip to main content
CVE-2026-32421 MEDIUM This Month

Post Timeline versions 2.4.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify data by exploiting improperly configured access controls. The vulnerability enables integrity compromise without requiring user interaction or special privileges. No patch is currently available for this issue.

Authentication Bypass Post Timeline
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32413 MEDIUM PATCH This Month

Permalink Manager Lite versions prior to 2.5.3 lack proper authorization controls, allowing unauthenticated remote attackers to modify content through incorrectly configured access restrictions. This missing authorization check enables attackers to alter data without authentication, affecting the integrity of managed permalinks. No patch is currently available for this vulnerability.

Authentication Bypass Permalink Manager Lite
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32410 MEDIUM This Month

The WBW Currency Switcher for WooCommerce plugin through version 2.2.5 contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify plugin settings and configurations without proper access controls. This vulnerability affects WordPress sites running the vulnerable plugin versions and could enable attackers to alter currency settings or manipulate store functionality. No patch is currently available for this vulnerability.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32409 MEDIUM This Month

Forminator through version 1.50.2 contains an authorization bypass that allows unauthenticated attackers to modify data through incorrectly configured access controls. The vulnerability affects WordPress sites using the WPMU DEV Forminator plugin and requires no user interaction to exploit. No patch is currently available for this issue.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32404 MEDIUM This Month

Studio99 WP Monitor versions through 1.0.3 contain a missing authorization vulnerability (CWE-862) that allows unauthenticated attackers to modify data or settings due to incorrectly configured access controls. The vulnerability has a CVSS score of 5.3 with a network attack vector requiring no privileges or user interaction, enabling integrity compromise without authentication. There is no indication of active exploitation in the wild or public proof-of-concept code at this time, though the low attack complexity and network accessibility make this a moderate priority for WordPress site administrators running this monitoring plugin.

Authentication Bypass Studio99 Wp Monitor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32402 MEDIUM This Month

Image Slider By Ays versions 2.7.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify content through improper access control validation. The vulnerability affects the plugin's core functionality and could enable unauthorized changes to website content without proper authentication checks. No patch is currently available.

Authentication Bypass Image Slider By Ays
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32397 MEDIUM This Month

YMC Filter & Grids through version 3.5.1 contains an authorization bypass that allows unauthenticated remote attackers to modify data due to improperly configured access controls. The vulnerability affects the smart-filter component and could enable unauthorized alterations to filtered content or grid configurations without requiring user interaction or privileges.

Authentication Bypass Filter Grids
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32396 MEDIUM This Month

RadiusTheme Team versions up to 5.0.13 contain an access control misconfiguration that allows unauthenticated remote attackers to modify data through improper authorization checks. The vulnerability enables integrity compromise without requiring authentication or user interaction, affecting all installations running the affected version range. No patch is currently available.

Authentication Bypass Team
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32395 MEDIUM This Month

A Missing Authorization vulnerability (CWE-862) exists in Xpro Addons For Beaver Builder - Lite versions up to 1.5.6, allowing unauthenticated attackers to exploit incorrectly configured access control mechanisms and perform unauthorized modifications. The vulnerability has a CVSS score of 5.3 with a network attack vector requiring no privileges or user interaction, indicating an integrity impact without confidentiality or availability compromise. While the CVSS is moderate, the lack of authentication requirement and network accessibility make this a meaningful risk for WordPress sites using this plugin.

Authentication Bypass Xpro Addons For Beaver Builder 8211 Lite
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32387 MEDIUM This Month

Checkout for PayPal versions up to 1.0.46 contain an authorization bypass vulnerability allowing unauthenticated attackers to modify checkout data due to improper access control enforcement. An attacker can exploit this over the network without user interaction to tamper with payment transactions. Currently no patch is available for this vulnerability.

Authentication Bypass Checkout For Paypal
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32383 MEDIUM This Month

Ridhi through version 1.1.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to modify data due to improper access control configuration. An attacker can exploit this flaw without authentication or user interaction to alter information in affected installations. No patch is currently available for this vulnerability.

Authentication Bypass Ridhi
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32382 MEDIUM This Month

Improperly configured access controls in raratheme Digital Download through version 1.1.4 enable unauthenticated attackers to modify content without authorization. This missing authorization vulnerability allows remote attackers to alter data integrity in affected installations. No patch is currently available for this vulnerability.

Authentication Bypass Digital Download
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32381 MEDIUM This Month

Improper access control in raratheme App Landing Page version 1.2.2 and earlier permits unauthenticated attackers to modify application data through exploitation of inadequately configured security levels. This network-accessible vulnerability requires no user interaction and could allow attackers to alter critical application content without authorization. No patch is currently available for affected installations.

Authentication Bypass App Landing Page
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32380 MEDIUM This Month

Numinous theme versions up to 1.3.0 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability affects the theme's security implementation and could enable unauthorized changes to application data without authentication. No patch is currently available for this issue.

Authentication Bypass Numinous
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32379 MEDIUM This Month

Rara Academic theme versions up to 1.2.2 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify content due to improper access control configuration. The vulnerability enables unauthorized data manipulation without requiring authentication or user interaction. No patch is currently available for affected installations.

Authentication Bypass Rara Academic
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32378 MEDIUM This Month

Improper access control in raratheme Book Landing Page through version 1.2.7 permits unauthenticated attackers to modify content or data without proper authorization checks. The vulnerability stems from missing authentication validation on protected operations, allowing remote exploitation without user interaction. No patch is currently available.

Authentication Bypass Book Landing Page
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32377 MEDIUM This Month

Pranayama Yoga version 1.2.2 and earlier contains a missing authorization flaw that allows unauthenticated remote attackers to modify application data by exploiting improper access control configurations. The vulnerability has no available patch and could enable unauthorized changes to yoga class information or user content without authentication. With a CVSS score of 5.3, this affects any Pranayama Yoga installation using the vulnerable versions.

Authentication Bypass Pranayama Yoga
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32376 MEDIUM This Month

Improper access control in Kalon through version 1.2.9 enables unauthenticated remote attackers to modify data or configurations by exploiting misconfigured authorization checks. The vulnerability carries medium severity with a CVSS score of 5.3 and currently has no available patch.

Authentication Bypass Kalon
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32375 MEDIUM This Month

Travel Diaries through version 1.2.4 contains an authorization bypass that allows unauthenticated attackers to modify application data due to improperly configured access controls. The vulnerability affects all installations of the plugin and requires no user interaction to exploit, enabling attackers to alter sensitive travel diary information without proper authentication.

Authentication Bypass Travel Diaries
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32374 MEDIUM This Month

Improper access control in The Minimal WordPress theme versions up to 1.2.9 enables unauthenticated remote attackers to modify content or settings through incorrectly configured authorization checks. The vulnerability carries a medium severity rating with no available patch at this time.

Authentication Bypass The Minimal
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32371 MEDIUM This Month

Elegant Pink theme versions up to 1.3.3 contain an access control flaw that allows unauthenticated remote attackers to modify data through incorrectly configured authorization checks. The vulnerability enables integrity compromise without requiring authentication, though no patch is currently available.

Authentication Bypass Elegant Pink
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32370 MEDIUM This Month

Improper access control in raratheme Influencer through version 1.1.7 allows unauthenticated remote attackers to modify data or resources due to incorrectly configured authorization checks. The vulnerability requires no user interaction and can be exploited over the network, though no patch is currently available.

Authentication Bypass Influencer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32363 MEDIUM This Month

WPLifeCycle versions 3.3.1 and earlier contain an authorization bypass that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability affects the free PHP version and could enable unauthorized changes to application data without requiring authentication or user interaction. A patch is not currently available for this issue.

Authentication Bypass Wplifecycle
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32362 MEDIUM This Month

Insufficient access control in WP Sessions Time Monitoring Full Automatic version 1.1.3 and earlier permits unauthenticated attackers to modify data through improperly configured authorization checks. This vulnerability affects WordPress site administrators and users relying on the plugin to properly restrict access to session monitoring features. An attacker could exploit this to alter activity logs or session data without proper authentication.

Authentication Bypass Wp Sessions Time Monitoring Full Automatic
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32350 MEDIUM This Month

Improper access control in Chocolate House through version 1.1.5 allows unauthenticated remote attackers to modify data by bypassing authorization checks. The vulnerability affects all versions up to 1.1.5, and no patch is currently available. An attacker could exploit misconfigured security levels to gain unauthorized write access without authentication.

Authentication Bypass Chocolate House
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32348 MEDIUM This Month

MAS Videos through version 1.3.2 contains an authorization bypass that allows unauthenticated attackers to modify data due to improper access control validation. An attacker can exploit this vulnerability over the network without user interaction to manipulate protected resources. No patch is currently available for this vulnerability.

Authentication Bypass Mas Videos
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32347 MEDIUM This Month

The raratheme Restaurant and Cafe plugin through version 1.2.5 contains an authorization bypass vulnerability that allows unauthenticated attackers to modify data through improperly configured access controls. An attacker can exploit this flaw to perform unauthorized actions without authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Restaurant And Cafe
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32346 MEDIUM This Month

Improper access control in raratheme Travel Agency versions up to 1.5.5 permits unauthenticated attackers to modify data through misconfigured authorization checks. This vulnerability allows unauthorized changes to travel agency information without requiring authentication or user interaction, potentially compromising business operations and data integrity.

Authentication Bypass Travel Agency
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32345 MEDIUM This Month

Perfect Portfolio version 1.2.4 and earlier contains a missing authorization control that allows unauthenticated attackers to modify content through improperly configured access restrictions. An attacker can exploit this vulnerability to alter data integrity without requiring authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Perfect Portfolio
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32341 MEDIUM This Month

Benevolent theme versions through 1.3.9 contain an authorization bypass that allows unauthenticated remote attackers to modify data due to improperly configured access controls. The vulnerability affects the CMS's ability to enforce proper permission checks, enabling unauthorized content manipulation without authentication. No patch is currently available for this medium-severity issue.

Authentication Bypass Benevolent
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32340 MEDIUM This Month

Business One Page up to version 1.3.2 contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data due to improperly configured access controls. An attacker can exploit this weakness to alter sensitive information without requiring valid credentials or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Business One Page
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32339 MEDIUM This Month

Bakes And Cakes plugin versions up to 1.2.9 contain an authorization bypass vulnerability that allows unauthenticated attackers to modify data due to improper access control configuration. An attacker could exploit this over the network without authentication to perform unauthorized state changes. No patch is currently available for this vulnerability.

Authentication Bypass Bakes And Cakes
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32338 MEDIUM This Month

The Construction Landing Page plugin through version 1.4.1 contains a missing authorization vulnerability that allows unauthenticated attackers to modify data through improperly configured access controls. An attacker can exploit this flaw to perform unauthorized changes to the application without authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Construction Landing Page
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32337 MEDIUM This Month

Improperly configured access controls in the Preschool and Kindergarten plugin (versions up to 1.2.5) allow unauthenticated attackers to modify content or settings without proper authorization. This missing authorization vulnerability affects websites using the vulnerable plugin and could enable unauthorized data tampering. No security patch is currently available for this vulnerability.

Authentication Bypass Preschool And Kindergarten
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32336 MEDIUM This Month

Rara Business WordPress theme version 1.3.0 and earlier contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability requires no user interaction and can be exploited over the network, though no patch is currently available. Affected installations should implement additional access control measures or upgrade when patches become available.

Authentication Bypass Rara Business
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32335 MEDIUM This Month

Incorrect access control in The Conference WordPress theme versions up to 1.2.5 allows unauthenticated remote attackers to modify content by exploiting misconfigured authorization checks. An attacker can leverage this vulnerability to alter data without proper authentication, impacting the integrity of the affected website.

Authentication Bypass The Conference
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32334 MEDIUM This Month

JobScout versions 1.1.7 and earlier contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability enables attackers to perform unauthorized actions without proper authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Jobscout
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32332 MEDIUM This Month

Easy Form versions 2.7.9 and earlier are vulnerable to missing authorization controls that allow unauthenticated attackers to modify data through incorrectly configured access restrictions. An attacker can exploit this vulnerability remotely without authentication to perform unauthorized data manipulation operations. No patch is currently available for this vulnerability.

Authentication Bypass Easy Form
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32329 MEDIUM This Month

Advanced Related Posts plugin through version 1.9.1 contains insufficient authorization controls that allow unauthenticated remote attackers to modify plugin settings and data. The vulnerability stems from improperly configured access restrictions in the plugin's functionality, enabling attackers to alter post relationships without proper authentication or permission validation.

Authentication Bypass Advanced Related Posts
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31916 MEDIUM This Month

Latest Post Shortcode plugin through version 14.2.1 contains an authorization bypass that allows unauthenticated attackers to modify content through improperly configured access controls. The vulnerability affects websites running the vulnerable plugin versions and could enable unauthorized data manipulation without requiring user interaction or authentication. No patch is currently available for this issue.

Authentication Bypass Latest Post Shortcode
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31915 MEDIUM This Month

Insufficient authorization controls in Flatsome theme versions 3.19.6 and earlier allow unauthenticated remote attackers to modify data through improperly configured access restrictions. The vulnerability enables unauthorized modifications without requiring user interaction, potentially compromising content integrity across affected websites.

Authentication Bypass Flatsome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32724 MEDIUM This Month

PX4 Autopilot versions prior to 1.17.0-rc1 contain a heap-use-after-free vulnerability in the MavlinkShell::available() function caused by a race condition between the MAVLink receiver and telemetry sender threads. Remote attackers can trigger this vulnerability by sending crafted SERIAL_CONTROL messages (ID 126) via MAVLink, leading to denial of service of the flight control system. The vulnerability affects drone operators and systems accepting MAVLink telemetry from untrusted ground stations or networks.

Information Disclosure Memory Corruption Use After Free Px4 Autopilot
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22201 MEDIUM PATCH This Month

wpDiscuz before version 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows unauthenticated attackers to spoof their IP address by manipulating HTTP headers (HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR). This enables circumvention of IP-based rate limiting and ban enforcement mechanisms, allowing attackers to bypass security controls that rely on IP-based detection. The vulnerability has a CVSS score of 5.3 with low attack complexity and no authentication required, making it easily exploitable in network environments.

Authentication Bypass Wpdiscuz
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32707 MEDIUM PATCH This Month

PX4 autopilot versions prior to 1.17.0-rc2 contain an unbounded memcpy vulnerability in the tattu_can module that allows stack memory corruption when processing specially crafted CAN frames. An attacker with CAN bus injection capability can trigger denial of service or memory corruption in drone systems where tattu_can is enabled, potentially compromising flight safety and system stability.

Buffer Overflow Stack Overflow Px4 Autopilot
NVD GitHub VulDB
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-12453 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in OpenText Vertica's management console application due to improper input neutralization during web page generation (CWE-79). The vulnerability affects Vertica versions 10.0 through 25.3.X, allowing attackers to inject malicious scripts that execute in users' browsers when they click attacker-controlled links. With a CVSS v4.0 score of 5.1 and network-based attack vector requiring user interaction, this represents a moderate risk with limited direct technical impact but potential for credential theft or session hijacking.

XSS Vertica
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-12454 MEDIUM This Month

This vulnerability is a Reflected Cross-Site Scripting (XSS) flaw in OpenText Vertica's management console that fails to properly neutralize user input during web page generation. The issue affects Vertica versions 10.0 through 25.1.x across multiple major version branches, allowing attackers to inject malicious scripts that execute in users' browsers. With a CVSS score of 5.1 (medium severity) and a network attack vector requiring only user interaction, this vulnerability poses a moderate but exploitable risk to Vertica deployments, particularly those exposing the management console to untrusted networks.

XSS Vertica
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-12455 MEDIUM This Month

An observable response discrepancy vulnerability in OpenText Vertica's management console allows attackers to perform password brute-force attacks by analyzing differences in application responses. This affects Vertica versions 10.0 through 10.X, 11.0 through 11.X, and 12.0 through 12.X. The vulnerability requires network access and user interaction but enables attackers to systematically guess passwords against valid user accounts without account lockout protection differentiating failed attempts.

Information Disclosure Vertica
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-22191 MEDIUM PATCH This Month

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mai...

Code Injection RCE Wpdiscuz
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-22209 MEDIUM PATCH This Month

Medium severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like </style><script>alert(1)</script> in the custom CSS setting to execute arbitrary JavaScript in user browsers.

XSS Wpdiscuz
NVD VulDB GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-0977 MEDIUM PATCH This Month

IBM CICS Transaction Gateway for Multiplatforms versions 9.3 and 10.1 contain an improper access control vulnerability (CWE-284) that allows local users to transfer or view files without authentication or authorization checks. An attacker with local system access can exploit this flaw to read sensitive data or modify files, resulting in confidentiality and integrity compromise with a CVSS base score of 5.1. This vulnerability affects a critical middleware component used in enterprise transaction processing environments.

IBM Authentication Bypass
NVD
CVSS 3.1
5.1
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy