Skip to main content
CVE-2026-32439 MEDIUM This Month

WebGeniusLab BigHearts contains a missing authorization vulnerability (CWE-862) that allows unauthenticated attackers to modify data due to incorrectly configured access control security levels. All versions of BigHearts through 3.1.14 are affected, enabling an attacker to bypass authorization checks and perform unauthorized data modification without requiring authentication or user interaction. With a CVSS score of 5.3 and network-accessible attack surface, this vulnerability poses a moderate integrity risk requiring prompt patching.

Authentication Bypass Bighearts
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32438 MEDIUM This Month

Improper access control in VW School Education through version 1.4.6 allows unauthenticated remote attackers to modify data by exploiting misconfigured security levels. The vulnerability enables integrity compromise without requiring authentication or user interaction, affecting educational institutions using affected versions.

Authentication Bypass Vw School Education
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32437 MEDIUM This Month

Improper access control in VW Portfolio up to version 1.3.3 enables unauthenticated attackers to modify data through incorrectly configured security levels. The vulnerability allows integrity compromise without requiring authentication or user interaction, affecting all instances of the affected software versions. No patch is currently available.

Authentication Bypass Vw Portfolio
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32436 MEDIUM This Month

Improper access control in VW Photography through version 1.3.8 permits unauthenticated attackers to modify application data due to missing authorization checks on sensitive functions. An attacker can exploit this vulnerability over the network without user interaction to alter content or settings, though confidentiality and availability are not impacted. No patch is currently available for this vulnerability.

Authentication Bypass Vw Photography
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32435 MEDIUM This Month

VW Pet Shop through version 1.4.7 contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data due to improperly configured access controls. An attacker can exploit this to alter information within the application without requiring authentication or user interaction. Currently, no patch is available for this vulnerability.

Authentication Bypass Vw Pet Shop
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32434 MEDIUM This Month

VW Fitness through version 4.3.4 contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. An attacker can exploit this to perform unauthorized actions without requiring authentication or user interaction. No patch is currently available for affected installations.

Authentication Bypass Vw Fitness
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32432 MEDIUM This Month

WP Time Slots Booking Form through version 1.2.42 contains a missing authorization vulnerability that allows unauthenticated attackers to modify booking data through improperly configured access controls. An attacker can exploit this to alter time slot reservations and other critical booking information without authentication. No patch is currently available for this vulnerability.

Authentication Bypass Wp Time Slots Booking Form
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32428 MEDIUM This Month

Popup Like Box versions 3.7.7 and earlier contain an authorization bypass vulnerability that allows unauthenticated attackers to modify content through improperly configured access controls. The vulnerability affects the ays-facebook-popup-likebox plugin and requires no user interaction to exploit. While no patch is currently available, the impact is limited to integrity violations without affecting confidentiality or availability.

Authentication Bypass Popup Like Box
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32427 MEDIUM This Month

VW Education Lite versions 2.2.0 and earlier contain a missing authorization vulnerability (CWE-862) that allows unauthenticated attackers to modify data through incorrectly configured access control security levels. An attacker with network access can exploit this vulnerability without requiring authentication or user interaction to perform unauthorized modifications, resulting in integrity compromise but not confidentiality or availability impact. The CVSS 5.3 medium score reflects the network-accessible nature and lack of authentication requirements, though the integrity-only impact limits the overall severity.

Authentication Bypass Vw Education Lite
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32425 MEDIUM This Month

Payment Gateway Pix For GiveWP versions 2.2.3 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to modify data through improper access control. An attacker can exploit this flaw to manipulate payment gateway functionality without proper authentication or user interaction. No patch is currently available for this vulnerability affecting GiveWP payment processing installations.

Authentication Bypass Payment Gateway Pix For Givewp
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32421 MEDIUM This Month

Post Timeline versions 2.4.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify data by exploiting improperly configured access controls. The vulnerability enables integrity compromise without requiring user interaction or special privileges. No patch is currently available for this issue.

Authentication Bypass Post Timeline
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32413 MEDIUM PATCH This Month

Permalink Manager Lite versions prior to 2.5.3 lack proper authorization controls, allowing unauthenticated remote attackers to modify content through incorrectly configured access restrictions. This missing authorization check enables attackers to alter data without authentication, affecting the integrity of managed permalinks. No patch is currently available for this vulnerability.

Authentication Bypass Permalink Manager Lite
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32410 MEDIUM This Month

The WBW Currency Switcher for WooCommerce plugin through version 2.2.5 contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify plugin settings and configurations without proper access controls. This vulnerability affects WordPress sites running the vulnerable plugin versions and could enable attackers to alter currency settings or manipulate store functionality. No patch is currently available for this vulnerability.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32409 MEDIUM This Month

Forminator through version 1.50.2 contains an authorization bypass that allows unauthenticated attackers to modify data through incorrectly configured access controls. The vulnerability affects WordPress sites using the WPMU DEV Forminator plugin and requires no user interaction to exploit. No patch is currently available for this issue.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32404 MEDIUM This Month

Studio99 WP Monitor versions through 1.0.3 contain a missing authorization vulnerability (CWE-862) that allows unauthenticated attackers to modify data or settings due to incorrectly configured access controls. The vulnerability has a CVSS score of 5.3 with a network attack vector requiring no privileges or user interaction, enabling integrity compromise without authentication. There is no indication of active exploitation in the wild or public proof-of-concept code at this time, though the low attack complexity and network accessibility make this a moderate priority for WordPress site administrators running this monitoring plugin.

Authentication Bypass Studio99 Wp Monitor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32402 MEDIUM This Month

Image Slider By Ays versions 2.7.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify content through improper access control validation. The vulnerability affects the plugin's core functionality and could enable unauthorized changes to website content without proper authentication checks. No patch is currently available.

Authentication Bypass Image Slider By Ays
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32397 MEDIUM This Month

YMC Filter & Grids through version 3.5.1 contains an authorization bypass that allows unauthenticated remote attackers to modify data due to improperly configured access controls. The vulnerability affects the smart-filter component and could enable unauthorized alterations to filtered content or grid configurations without requiring user interaction or privileges.

Authentication Bypass Filter Grids
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32396 MEDIUM This Month

RadiusTheme Team versions up to 5.0.13 contain an access control misconfiguration that allows unauthenticated remote attackers to modify data through improper authorization checks. The vulnerability enables integrity compromise without requiring authentication or user interaction, affecting all installations running the affected version range. No patch is currently available.

Authentication Bypass Team
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32395 MEDIUM This Month

A Missing Authorization vulnerability (CWE-862) exists in Xpro Addons For Beaver Builder - Lite versions up to 1.5.6, allowing unauthenticated attackers to exploit incorrectly configured access control mechanisms and perform unauthorized modifications. The vulnerability has a CVSS score of 5.3 with a network attack vector requiring no privileges or user interaction, indicating an integrity impact without confidentiality or availability compromise. While the CVSS is moderate, the lack of authentication requirement and network accessibility make this a meaningful risk for WordPress sites using this plugin.

Authentication Bypass Xpro Addons For Beaver Builder 8211 Lite
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32387 MEDIUM This Month

Checkout for PayPal versions up to 1.0.46 contain an authorization bypass vulnerability allowing unauthenticated attackers to modify checkout data due to improper access control enforcement. An attacker can exploit this over the network without user interaction to tamper with payment transactions. Currently no patch is available for this vulnerability.

Authentication Bypass Checkout For Paypal
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32383 MEDIUM This Month

Ridhi through version 1.1.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to modify data due to improper access control configuration. An attacker can exploit this flaw without authentication or user interaction to alter information in affected installations. No patch is currently available for this vulnerability.

Authentication Bypass Ridhi
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32382 MEDIUM This Month

Improperly configured access controls in raratheme Digital Download through version 1.1.4 enable unauthenticated attackers to modify content without authorization. This missing authorization vulnerability allows remote attackers to alter data integrity in affected installations. No patch is currently available for this vulnerability.

Authentication Bypass Digital Download
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32381 MEDIUM This Month

Improper access control in raratheme App Landing Page version 1.2.2 and earlier permits unauthenticated attackers to modify application data through exploitation of inadequately configured security levels. This network-accessible vulnerability requires no user interaction and could allow attackers to alter critical application content without authorization. No patch is currently available for affected installations.

Authentication Bypass App Landing Page
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32380 MEDIUM This Month

Numinous theme versions up to 1.3.0 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability affects the theme's security implementation and could enable unauthorized changes to application data without authentication. No patch is currently available for this issue.

Authentication Bypass Numinous
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32379 MEDIUM This Month

Rara Academic theme versions up to 1.2.2 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify content due to improper access control configuration. The vulnerability enables unauthorized data manipulation without requiring authentication or user interaction. No patch is currently available for affected installations.

Authentication Bypass Rara Academic
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32378 MEDIUM This Month

Improper access control in raratheme Book Landing Page through version 1.2.7 permits unauthenticated attackers to modify content or data without proper authorization checks. The vulnerability stems from missing authentication validation on protected operations, allowing remote exploitation without user interaction. No patch is currently available.

Authentication Bypass Book Landing Page
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32377 MEDIUM This Month

Pranayama Yoga version 1.2.2 and earlier contains a missing authorization flaw that allows unauthenticated remote attackers to modify application data by exploiting improper access control configurations. The vulnerability has no available patch and could enable unauthorized changes to yoga class information or user content without authentication. With a CVSS score of 5.3, this affects any Pranayama Yoga installation using the vulnerable versions.

Authentication Bypass Pranayama Yoga
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32376 MEDIUM This Month

Improper access control in Kalon through version 1.2.9 enables unauthenticated remote attackers to modify data or configurations by exploiting misconfigured authorization checks. The vulnerability carries medium severity with a CVSS score of 5.3 and currently has no available patch.

Authentication Bypass Kalon
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32375 MEDIUM This Month

Travel Diaries through version 1.2.4 contains an authorization bypass that allows unauthenticated attackers to modify application data due to improperly configured access controls. The vulnerability affects all installations of the plugin and requires no user interaction to exploit, enabling attackers to alter sensitive travel diary information without proper authentication.

Authentication Bypass Travel Diaries
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32374 MEDIUM This Month

Improper access control in The Minimal WordPress theme versions up to 1.2.9 enables unauthenticated remote attackers to modify content or settings through incorrectly configured authorization checks. The vulnerability carries a medium severity rating with no available patch at this time.

Authentication Bypass The Minimal
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32371 MEDIUM This Month

Elegant Pink theme versions up to 1.3.3 contain an access control flaw that allows unauthenticated remote attackers to modify data through incorrectly configured authorization checks. The vulnerability enables integrity compromise without requiring authentication, though no patch is currently available.

Authentication Bypass Elegant Pink
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32370 MEDIUM This Month

Improper access control in raratheme Influencer through version 1.1.7 allows unauthenticated remote attackers to modify data or resources due to incorrectly configured authorization checks. The vulnerability requires no user interaction and can be exploited over the network, though no patch is currently available.

Authentication Bypass Influencer
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32363 MEDIUM This Month

WPLifeCycle versions 3.3.1 and earlier contain an authorization bypass that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability affects the free PHP version and could enable unauthorized changes to application data without requiring authentication or user interaction. A patch is not currently available for this issue.

Authentication Bypass Wplifecycle
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32362 MEDIUM This Month

Insufficient access control in WP Sessions Time Monitoring Full Automatic version 1.1.3 and earlier permits unauthenticated attackers to modify data through improperly configured authorization checks. This vulnerability affects WordPress site administrators and users relying on the plugin to properly restrict access to session monitoring features. An attacker could exploit this to alter activity logs or session data without proper authentication.

Authentication Bypass Wp Sessions Time Monitoring Full Automatic
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32350 MEDIUM This Month

Improper access control in Chocolate House through version 1.1.5 allows unauthenticated remote attackers to modify data by bypassing authorization checks. The vulnerability affects all versions up to 1.1.5, and no patch is currently available. An attacker could exploit misconfigured security levels to gain unauthorized write access without authentication.

Authentication Bypass Chocolate House
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32348 MEDIUM This Month

MAS Videos through version 1.3.2 contains an authorization bypass that allows unauthenticated attackers to modify data due to improper access control validation. An attacker can exploit this vulnerability over the network without user interaction to manipulate protected resources. No patch is currently available for this vulnerability.

Authentication Bypass Mas Videos
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32347 MEDIUM This Month

The raratheme Restaurant and Cafe plugin through version 1.2.5 contains an authorization bypass vulnerability that allows unauthenticated attackers to modify data through improperly configured access controls. An attacker can exploit this flaw to perform unauthorized actions without authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Restaurant And Cafe
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32346 MEDIUM This Month

Improper access control in raratheme Travel Agency versions up to 1.5.5 permits unauthenticated attackers to modify data through misconfigured authorization checks. This vulnerability allows unauthorized changes to travel agency information without requiring authentication or user interaction, potentially compromising business operations and data integrity.

Authentication Bypass Travel Agency
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32345 MEDIUM This Month

Perfect Portfolio version 1.2.4 and earlier contains a missing authorization control that allows unauthenticated attackers to modify content through improperly configured access restrictions. An attacker can exploit this vulnerability to alter data integrity without requiring authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Perfect Portfolio
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32341 MEDIUM This Month

Benevolent theme versions through 1.3.9 contain an authorization bypass that allows unauthenticated remote attackers to modify data due to improperly configured access controls. The vulnerability affects the CMS's ability to enforce proper permission checks, enabling unauthorized content manipulation without authentication. No patch is currently available for this medium-severity issue.

Authentication Bypass Benevolent
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32340 MEDIUM This Month

Business One Page up to version 1.3.2 contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data due to improperly configured access controls. An attacker can exploit this weakness to alter sensitive information without requiring valid credentials or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Business One Page
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32339 MEDIUM This Month

Bakes And Cakes plugin versions up to 1.2.9 contain an authorization bypass vulnerability that allows unauthenticated attackers to modify data due to improper access control configuration. An attacker could exploit this over the network without authentication to perform unauthorized state changes. No patch is currently available for this vulnerability.

Authentication Bypass Bakes And Cakes
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32338 MEDIUM This Month

The Construction Landing Page plugin through version 1.4.1 contains a missing authorization vulnerability that allows unauthenticated attackers to modify data through improperly configured access controls. An attacker can exploit this flaw to perform unauthorized changes to the application without authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Construction Landing Page
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32337 MEDIUM This Month

Improperly configured access controls in the Preschool and Kindergarten plugin (versions up to 1.2.5) allow unauthenticated attackers to modify content or settings without proper authorization. This missing authorization vulnerability affects websites using the vulnerable plugin and could enable unauthorized data tampering. No security patch is currently available for this vulnerability.

Authentication Bypass Preschool And Kindergarten
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32336 MEDIUM This Month

Rara Business WordPress theme version 1.3.0 and earlier contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability requires no user interaction and can be exploited over the network, though no patch is currently available. Affected installations should implement additional access control measures or upgrade when patches become available.

Authentication Bypass Rara Business
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32335 MEDIUM This Month

Incorrect access control in The Conference WordPress theme versions up to 1.2.5 allows unauthenticated remote attackers to modify content by exploiting misconfigured authorization checks. An attacker can leverage this vulnerability to alter data without proper authentication, impacting the integrity of the affected website.

Authentication Bypass The Conference
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32334 MEDIUM This Month

JobScout versions 1.1.7 and earlier contain an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data through improperly configured access controls. The vulnerability enables attackers to perform unauthorized actions without proper authentication or user interaction. No patch is currently available for this vulnerability.

Authentication Bypass Jobscout
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32332 MEDIUM This Month

Easy Form versions 2.7.9 and earlier are vulnerable to missing authorization controls that allow unauthenticated attackers to modify data through incorrectly configured access restrictions. An attacker can exploit this vulnerability remotely without authentication to perform unauthorized data manipulation operations. No patch is currently available for this vulnerability.

Authentication Bypass Easy Form
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32329 MEDIUM This Month

Advanced Related Posts plugin through version 1.9.1 contains insufficient authorization controls that allow unauthenticated remote attackers to modify plugin settings and data. The vulnerability stems from improperly configured access restrictions in the plugin's functionality, enabling attackers to alter post relationships without proper authentication or permission validation.

Authentication Bypass Advanced Related Posts
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-31916 MEDIUM This Month

Latest Post Shortcode plugin through version 14.2.1 contains an authorization bypass that allows unauthenticated attackers to modify content through improperly configured access controls. The vulnerability affects websites running the vulnerable plugin versions and could enable unauthorized data manipulation without requiring user interaction or authentication. No patch is currently available for this issue.

Authentication Bypass Latest Post Shortcode
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy