Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32527

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-25 Mar, 2026 | 16:15
Updated At-26 Mar, 2026 | 16:26
Rejected At-
Credits

WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:25 Mar, 2026 | 16:15
Updated At:26 Mar, 2026 | 16:26
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5.

Affected Products
Vendor
CRM Perks
Product
WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms
Collection URL
https://wordpress.org/plugins
Package Name
cf7-insightly
Default Status
unaffected
Versions
Affected
  • From n/a through <= 1.1.5 (custom)
    • -> unaffectedfrom1.1.6
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: Exploiting Incorrectly Configured Access Control Security Levels
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Nabil Irawan | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Plugin/cf7-insightly/vulnerability/wordpress-wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/cf7-insightly/vulnerability/wordpress-wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:25 Mar, 2026 | 17:17
Updated At:30 Mar, 2026 | 13:27

Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through <= 1.1.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Plugin/cf7-insightly/vulnerability/wordpress-wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Plugin/cf7-insightly/vulnerability/wordpress-wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

149Records found
CVE-2026-25430
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-30 Mar, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.2.2.

Action-Not Available
Vendor-CRM Perks
Product-Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms
CWE ID-CWE-862
Missing Authorization
CVE-2025-67468
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.66%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:13
Updated-01 Apr, 2026 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms cf7-salesforce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms: from n/a through <= 1.4.6.

Action-Not Available
Vendor-CRM Perks
Product-Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-37463
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 56.95%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-07 Feb, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.

Action-Not Available
Vendor-crmperksCRM Perkscrmperks
Product-crm_perks_formsCRM Perks Formscrm_perks_forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-11069
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.20%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 07:35
Updated-08 Apr, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users.

Action-Not Available
Vendor-welaunchwelaunchwelaunch
Product-wordpress_gdprWordPress GDPRwordpress_gdpr\&ccpa
CWE ID-CWE-862
Missing Authorization
CVE-2024-10294
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.42%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 02:32
Updated-08 Apr, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.

Action-Not Available
Vendor-ce21CE21, LLC.
Product-ce21_suiteCE21 Suitece21-suite
CWE ID-CWE-862
Missing Authorization
CVE-2025-39561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 16:50
Updated-20 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.

Action-Not Available
Vendor-Marketing Fire, LLC
Product-LoginWP - Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-1108
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.43%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 03:03
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Plugin Groups <= 2.0.6 - Missing Authorization to Unauthenticated Denial of Service

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.

Action-Not Available
Vendor-davidcramerdesertsnowmandavidcramer
Product-plugin_groupsPlugin Groupsplugin_groups
CWE ID-CWE-862
Missing Authorization
CVE-2023-6638
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.66%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:33
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update

The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-gutengeekwpopal
Product-gg_woo_feedGG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels
CWE ID-CWE-862
Missing Authorization
CVE-2023-6637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.27%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-daandaanvandenbergh
Product-complete_analytics_optimization_suiteCAOS | Host Google Analytics Locally
CWE ID-CWE-862
Missing Authorization
CVE-2023-52229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 11:26
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0.

Action-Not Available
Vendor-Save as PDF plugin by Pdfcrowdpdfcrowd
Product-Word Replacer Proword_replacer_pro
CWE ID-CWE-862
Missing Authorization
CVE-2023-51495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.35%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 05:42
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.

Action-Not Available
Vendor-WooCommerce
Product-WooCommerce Warranty Requests
CWE ID-CWE-862
Missing Authorization
CVE-2023-49848
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin <= 2.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in wooproductimporter Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.

Action-Not Available
Vendor-wooproductimporterwooproductimporter
Product-Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsysharkdropship_dropshipping_and_affiliate
CWE ID-CWE-862
Missing Authorization
CVE-2019-25139
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.86%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-08 Apr, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coming Soon Page & Maintenance Mode <= 1.8.1 - Unauthenticated Settings Reset

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.

Action-Not Available
Vendor-wpshopmartwpshopmart
Product-coming_soon_page_\&_maintenance_modeComing Soon Page & Maintenance Mode
CWE ID-CWE-862
Missing Authorization
CVE-2023-49857
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 May, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.7.

Action-Not Available
Vendor-getawesomesupportAwesome Support Teamawesomesupport
Product-awesome_supportAwesome Supportawesome_support_wordpress_helpdesk_\&_support
CWE ID-CWE-862
Missing Authorization
CVE-2023-48779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 360 Javascript Viewer plugin <= 1.7.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in 360 Javascript Viewer 360 Javascript Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through 1.7.11.

Action-Not Available
Vendor-360 Javascript Viewerjavascript
Product-360 Javascript Viewer360_javascript_viewer
CWE ID-CWE-862
Missing Authorization
CVE-2025-2789
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 65.00%
||
7 Day CHG~0.00%
Published-05 Apr, 2025 | 05:32
Updated-08 Apr, 2026 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.

Action-Not Available
Vendor-multivendorxwcmp
Product-multivendorxMultiVendorX – WooCommerce Multivendor Marketplace Solutions
CWE ID-CWE-862
Missing Authorization
CVE-2023-46609
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.03%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FeedFocal plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through 1.2.2.

Action-Not Available
Vendor-FeedFocal
Product-FeedFocal
CWE ID-CWE-862
Missing Authorization
CVE-2023-47826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.09%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-07 Apr, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.

Action-Not Available
Vendor-nicheaddonsNicheAddonsnicheaddons
Product-restaurant_\&_cafe_addon_for_elementorRestaurant & Cafe Addon for Elementorrestaurant_and_cafe_addon_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2023-47689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Animator plugin <= 3.0.10 - Unauthenticated Plugin Settings Change Vulnerability

Missing Authorization vulnerability in Toast Plugins Animator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animator: from n/a through 3.0.10.

Action-Not Available
Vendor-Toast Plugins
Product-Animator
CWE ID-CWE-862
Missing Authorization
CVE-2025-23906
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.19%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability

Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.

Action-Not Available
Vendor-wpseek
Product-WordPress Dashboard Tweeter
CWE ID-CWE-862
Missing Authorization
CVE-2025-22608
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 16:28
Updated-19 Sep, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID, resulting in a Denial-of-Service attack (DOS). Version 4.0.0-beta.361 fixes the issue.

Action-Not Available
Vendor-coollabscoollabsio
Product-coolifycoolify
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2026-5574
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 3.59%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 14:45
Updated-07 Apr, 2026 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Technostrobe
Product-HI-LED-WR120-G2
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-14947
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 17:26
Updated-08 Apr, 2026 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_callback_create_bunny_stream_video`, `ajax_callback_get_bunny_stream_video`, and `ajax_callback_delete_bunny_stream_video` functions in all versions up to, and including, 4.6.4. This makes it possible for unauthenticated attackers to create and delete videos on the Bunny Stream CDN associated with the victim's account, provided they can obtain a valid nonce which is exposed in public player templates.

Action-Not Available
Vendor-plugins360
Product-All-in-One Video Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2025-14172
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.14%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 11:15
Updated-08 Apr, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to `wp_ajax_cwpp_trigger_flush_rewrite_rules`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to flush the site's rewrite rules via the `action` parameter.

Action-Not Available
Vendor-infosatech
Product-WP Page Permalink Extension
CWE ID-CWE-862
Missing Authorization
CVE-2025-14901
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.65%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 06:35
Updated-08 Apr, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only blocks requests when both the nonce verification fails and the user is logged in. This makes it possible for unauthenticated attackers to replay form workflow executions and trigger all configured integrations including webhooks, email notifications, CRM integrations, and automation platforms via the bitforms_trigger_workflow AJAX action granted they can obtain the entry ID and log IDs from a legitimate form submission response.

Action-Not Available
Vendor-bitpressadmin
Product-Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder
CWE ID-CWE-862
Missing Authorization
CVE-2025-14339
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.74%
||
7 Day CHG~0.00%
Published-21 Feb, 2026 | 09:27
Updated-08 Apr, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only validating the `X-WP-Nonce` header without checking user capabilities. Since the REST nonce is exposed to unauthenticated visitors via the `weMail` JavaScript object on pages with weMail forms, any unauthenticated user can permanently delete all weMail forms by extracting the nonce from the page source and sending a DELETE request to the forms endpoint.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2026-1786
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 08:26
Updated-08 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including Twitter API credentials, post author, post status, and the capability required to access the plugin's admin menu.

Action-Not Available
Vendor-badbreze
Product-Twitter posts to Blog
CWE ID-CWE-862
Missing Authorization
CVE-2025-11372
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.97%
||
7 Day CHG~0.00%
Published-18 Oct, 2025 | 06:42
Updated-08 Apr, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permission_callback set to __return_true. This makes it possible for unauthenticated attackers to perform destructive database operations including dropping indexes on any table (including WordPress core tables like wp_options), creating duplicate configuration entries, and degrading site performance via the /wp-json/lp/v1/admin/tools/create-indexs endpoint granted they can provide table names.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
CWE ID-CWE-862
Missing Authorization
CVE-2022-46795
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 28.89%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:22
Updated-05 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 4.7.2 - CSRF Plugin Settings Reset vulnerability

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2.

Action-Not Available
Vendor-tychesoftwaresTyche Softwares
Product-print_invoice_\&_delivery_notes_for_woocommercePrint Invoice & Delivery Notes for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2022-45830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 60.30%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:02
Updated-05 Jun, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2022-45832
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.92%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 14:32
Updated-08 Aug, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3.

Action-Not Available
Vendor-Hennessey Digitalhennessey
Product-Attorneyattorney
CWE ID-CWE-862
Missing Authorization
CVE-2023-47180
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-22 Jan, 2026 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.

Action-Not Available
Vendor-xlpluginsXLPlugins
Product-finaleFinale Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-9161
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-23.13% / 95.94%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 11:21
Updated-08 Apr, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.

Action-Not Available
Vendor-rankmathrankmath
Product-seoRank Math SEO – AI SEO Tools to Dominate SEO Rankings
CWE ID-CWE-862
Missing Authorization
CVE-2024-9586
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.34%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 05:33
Updated-08 Apr, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-linkz.aivittor1olinkz.ai
Product-linkz.aiLinkz.ai – Automatic link previews on hoverlinkz.ai
CWE ID-CWE-862
Missing Authorization
CVE-2023-47764
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.33%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through 3.1.24.

Action-Not Available
Vendor-Metaphor Creationsmetaphorcreations
Product-Dittyditty
CWE ID-CWE-862
Missing Authorization
CVE-2023-46644
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.

Action-Not Available
Vendor-WP CTA PRO
Product-WordPress CTA
CWE ID-CWE-862
Missing Authorization
CVE-2023-47681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-3.20% / 87.03%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 11:07
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0.

Action-Not Available
Vendor-QuadLayersquadlayers
Product-WooCommerce Checkout Managercheckout_manager
CWE ID-CWE-862
Missing Authorization
CVE-2026-3571
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 5.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 01:24
Updated-08 Apr, 2026 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status.

Action-Not Available
Vendor-genetechproducts
Product-Pie Register – User Registration, Profiles & Content Restriction
CWE ID-CWE-862
Missing Authorization
CVE-2024-7032
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.57%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 05:30
Updated-08 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.

Action-Not Available
Vendor-zaytechelbanyaouizaytech
Product-smart_online_order_for_cloverSmart Online Order for Cloversmart_online_order_for_clover
CWE ID-CWE-862
Missing Authorization
CVE-2024-6755
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.42%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 02:33
Updated-08 Apr, 2026 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Action-Not Available
Vendor-WPWeb Elite
Product-social_auto_posterSocial Auto Postersocial_auto_poster
CWE ID-CWE-862
Missing Authorization
CVE-2024-5861
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 55.50%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 03:17
Updated-08 Apr, 2026 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.

Action-Not Available
Vendor-wpeasypaysaadiqbalwpeasypay
Product-wp_easypayWP Easy Pay – Payment and Donation form Builder for Squarewp_easypay
CWE ID-CWE-862
Missing Authorization
CVE-2023-45633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.26%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 14:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in IDX IMPress Listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IMPress Listings: from n/a through 2.6.2.

Action-Not Available
Vendor-IDX
Product-IMPress Listings
CWE ID-CWE-862
Missing Authorization
CVE-2023-41649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.33%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2.

Action-Not Available
Vendor-Ovic Team
Product-Ovic Product Bundle
CWE ID-CWE-862
Missing Authorization
CVE-2023-41651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.03%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 08:56
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability

Missing Authorization vulnerability in Multi-column Tag Map.This issue affects Multi-column Tag Map: from n/a through 17.0.26.

Action-Not Available
Vendor-Multi-Column Tag Map
Product-Multi-column Tag Mapmulti-column_tag_map
CWE ID-CWE-862
Missing Authorization
CVE-2026-32489
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-30 Mar, 2026 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.

Action-Not Available
Vendor-bPlugins
Product-B Blocks
CWE ID-CWE-862
Missing Authorization
CVE-2023-40679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.81%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 12:51
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Elementor Addons plugin <= 2.0.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.

Action-Not Available
Vendor-Jewel Theme
Product-Master Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2023-37987
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through 1.1.3.

Action-Not Available
Vendor-miniOrange
Product-YourMembership Single Sign On
CWE ID-CWE-862
Missing Authorization
CVE-2023-37971
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Stock Alert plugin <= 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1.

Action-Not Available
Vendor-MultiVendorX
Product-WooCommerce Product Stock Alert
CWE ID-CWE-862
Missing Authorization
CVE-2023-37967
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.05%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-27 Feb, 2025 | 02:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability

Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.

Action-Not Available
Vendor-designinventoDesigninvento
Product-directorypressDirectoryPress
CWE ID-CWE-862
Missing Authorization
CVE-2023-36512
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 26.52%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 12:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5.

Action-Not Available
Vendor-WooCommerce
Product-AutomateWooautomatewoo
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found