Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-42412

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-29 Apr, 2026 | 07:51
Updated At-29 Apr, 2026 | 13:34
Rejected At-
Credits

WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:29 Apr, 2026 | 07:51
Updated At:29 Apr, 2026 | 13:34
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.

Affected Products
Vendor
weDevs Pte. Ltd.weDevs
Product
WP User Frontend
Collection URL
https://wordpress.org/plugins
Package Name
wp-user-frontend
Default Status
unaffected
Versions
Affected
  • From n/a through 4.3.1 (custom)
    • -> unaffectedfrom4.3.2
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Solutions

Update the WordPress WP User Frontend Plugin to the latest available version (at least 4.3.2).

Configurations
Workarounds
Exploits
Credits
finder
Sajjad Haqi | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-4-3-1-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-4-3-1-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:29 Apr, 2026 | 09:16
Updated At:29 Apr, 2026 | 21:15

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-4-3-1-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/wp-user-frontend/vulnerability/wordpress-wp-user-frontend-plugin-4-3-1-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

253Records found
CVE-2024-34442
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 29.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:34
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-weDocswedocs
CWE ID-CWE-862
Missing Authorization
CVE-2023-52217
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.00%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:26
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-woocommerce_conversion_trackingWooCommerce Conversion Trackingwoocommerce_conversion_tracking
CWE ID-CWE-862
Missing Authorization
CVE-2025-30896
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 41.21%
||
7 Day CHG-0.02%
Published-27 Mar, 2025 | 10:55
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.13.4.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WP ERP
CWE ID-CWE-862
Missing Authorization
CVE-2025-63008
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.84%
||
7 Day CHG-0.01%
Published-09 Dec, 2025 | 14:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.16.7.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WP ERP
CWE ID-CWE-862
Missing Authorization
CVE-2023-45765
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.85%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.12.6.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wp_erpWP ERP
CWE ID-CWE-862
Missing Authorization
CVE-2023-45002
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 34.85%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WP User Frontend
CWE ID-CWE-862
Missing Authorization
CVE-2025-58672
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.18%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:22
Updated-12 May, 2026 | 00:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP User Frontend Plugin <= 4.1.12 - Broken Access Control Vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.1.12.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WP User Frontend
CWE ID-CWE-862
Missing Authorization
CVE-2023-40003
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 68.84%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wp_project_managerWP Project Manager
CWE ID-CWE-862
Missing Authorization
CVE-2026-39520
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.22%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weDocs plugin <= 2.1.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-weDocs
CWE ID-CWE-862
Missing Authorization
CVE-2026-32485
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.87%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WP User Frontend
CWE ID-CWE-862
Missing Authorization
CVE-2026-24944
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.69%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:47
Updated-28 Apr, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Subscribe2 plugin <= 10.44 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-Subscribe2
CWE ID-CWE-862
Missing Authorization
CVE-2026-24364
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.00%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WP User Frontend
CWE ID-CWE-862
Missing Authorization
CVE-2024-34822
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 29.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:26
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wemailweMail
CWE ID-CWE-862
Missing Authorization
CVE-2024-24711
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 33.53%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 11:43
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-WooCommerce Conversion Trackingwoocommerce_conversion_tracking
CWE ID-CWE-862
Missing Authorization
CVE-2023-6158
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.36%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 14:32
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection. CVE-2024-0238 appears to be a duplicate of this issue.

Action-Not Available
Vendor-myeventonashanjayEventON
Product-eventon-liteeventonEventON – Events CalendarEventON (Pro) - WordPress Virtual Event Calendar Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-33919
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.05%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:31
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

Action-Not Available
Vendor-Romethemerometheme
Product-RomethemeKit For Elementorromethemekit_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2026-1786
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.59%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 08:26
Updated-08 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including Twitter API credentials, post author, post status, and the capability required to access the plugin's admin menu.

Action-Not Available
Vendor-badbreze
Product-Twitter posts to Blog
CWE ID-CWE-862
Missing Authorization
CVE-2026-1781
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 01:22
Updated-22 Apr, 2026 | 21:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion

The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the `_mc4wp_action` POST parameter without validation, allowing unauthenticated attackers to force the form to process unsubscribe actions instead of subscribe actions. This makes it possible for unauthenticated attackers to arbitrarily unsubscribe any email address from the connected Mailchimp audience via the `_mc4wp_action` parameter, granted they can obtain the form ID (which is publicly exposed in the HTML source).

Action-Not Available
Vendor-dvankooten
Product-MC4WP: Mailchimp for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2026-4807
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.26%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 02:27
Updated-07 May, 2026 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permissions_check() method combined with the public exposure of a site-wide reusable nonce. The plugin exposes a public_nonce value through the /wp-json/ssa/v1/embed-inner endpoint, which is accessible to unauthenticated users. The appointment deletion endpoint at /wp-json/ssa/v1/appointments/{id}/delete and /wp-json/ssa/v1/appointments/bulk use a permission check that accepts requests containing both an X-WP-Nonce header (with any arbitrary value) and an X-PUBLIC-Nonce header (with the valid public nonce). When the X-WP-Nonce validation fails, the function falls back to validating the X-PUBLIC-Nonce without properly rejecting the request. Since the public_nonce is exposed to all unauthenticated visitors and is site-wide (not user-specific or appointment-specific), attackers can obtain it and use it to view details of arbitrary appointments, including the public_edit_url, or delete arbitrary appointments by ID. This makes it possible for unauthenticated attackers to view, delete or modify any appointment in the system, disclosing sensitive appointment data, causing service disruption, and loss of booking records.

Action-Not Available
Vendor-N Squared Digital, LLC
Product-Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2026-0572
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.74%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 08:25
Updated-08 Apr, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebPurify Profanity Filter <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options

The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to change plugin settings.

Action-Not Available
Vendor-webpurify
Product-WebPurify Profanity Filter
CWE ID-CWE-862
Missing Authorization
CVE-2023-52229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 11:26
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Save as PDF plugin by Pdfcrowd Word Replacer Pro.This issue affects Word Replacer Pro: from n/a through 1.0.

Action-Not Available
Vendor-Save as PDF plugin by Pdfcrowdpdfcrowd
Product-Word Replacer Proword_replacer_pro
CWE ID-CWE-862
Missing Authorization
CVE-2023-51495
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 34.87%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 05:42
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.

Action-Not Available
Vendor-WooCommerce
Product-WooCommerce Warranty Requests
CWE ID-CWE-862
Missing Authorization
CVE-2023-49857
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.43%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in awesomesupport Awesome Support awesome-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through <= 6.1.7.

Action-Not Available
Vendor-getawesomesupportawesomesupportawesomesupport
Product-awesome_supportAwesome Supportawesome_support_wordpress_helpdesk_\&_support
CWE ID-CWE-862
Missing Authorization
CVE-2023-50884
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:29
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LA-Studio Element Kit for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through <= 1.1.5.

Action-Not Available
Vendor-LA-Studiolastudio
Product-LA-Studio Element Kit for Elementorla-studio_element_kit_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-69095
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reservation Plugin plugin <= 1.7 - Settings Change vulnerability

Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.

Action-Not Available
Vendor-designthemes
Product-Reservation Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2025-68023
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17.

Action-Not Available
Vendor-Addonify
Product-Addonify – Compare Products For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-68020
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Notifier plugin <= 2.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through <= 2.7.13.

Action-Not Available
Vendor-WANotifier
Product-Notifier
CWE ID-CWE-862
Missing Authorization
CVE-2025-68050
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leadpages plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.

Action-Not Available
Vendor-Leadpages
Product-Leadpages
CWE ID-CWE-862
Missing Authorization
CVE-2025-68032
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability

Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0.

Action-Not Available
Vendor-Passionate Brains
Product-Advanced WC Analytics
CWE ID-CWE-862
Missing Authorization
CVE-2025-68026
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability

Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.

Action-Not Available
Vendor-Niaj Morshed
Product-LC Wizard
CWE ID-CWE-862
Missing Authorization
CVE-2025-68021
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ConveyThis plugin <= 269.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.9.

Action-Not Available
Vendor-ConveyThis
Product-ConveyThis
CWE ID-CWE-862
Missing Authorization
CVE-2025-68507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram plugin <= 3.1.35 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.

Action-Not Available
Vendor-Icegram
Product-Icegram
CWE ID-CWE-862
Missing Authorization
CVE-2025-68025
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through <= 1.2.17.

Action-Not Available
Vendor-Addonify
Product-Addonify Floating Cart For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-68009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.

Action-Not Available
Vendor-Codeless
Product-Slider Templates
CWE ID-CWE-862
Missing Authorization
CVE-2025-68019
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 4.96%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO Booster plugin <= 6.1.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.

Action-Not Available
Vendor-cleverplugins
Product-SEO Booster
CWE ID-CWE-862
Missing Authorization
CVE-2025-68024
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability

Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15.

Action-Not Available
Vendor-Addonify
Product-Addonify – WooCommerce Wishlist
CWE ID-CWE-862
Missing Authorization
CVE-2025-67993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.

Action-Not Available
Vendor-Vito Peleg
Product-Atarim
CWE ID-CWE-862
Missing Authorization
CVE-2025-68039
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP BackItUp plugin <= 2.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.1.0.

Action-Not Available
Vendor-Chris Simmons
Product-WP BackItUp
CWE ID-CWE-862
Missing Authorization
CVE-2025-67917
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.96%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.

Action-Not Available
Vendor-Shinecommerce Joint Stock Company
Product-Traveler
CWE ID-CWE-862
Missing Authorization
CVE-2025-67942
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Peach Payments Gateway plugin <= 3.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.

Action-Not Available
Vendor-peachpayments
Product-Peach Payments Gateway
CWE ID-CWE-862
Missing Authorization
CVE-2025-67547
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.

Action-Not Available
Vendor-uixthemes
Product-Konte
CWE ID-CWE-862
Missing Authorization
CVE-2025-67913
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.96%
||
7 Day CHG+0.02%
Published-08 Jan, 2026 | 09:17
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.

Action-Not Available
Vendor-Aruba.it Dev
Product-Aruba HiSpeed Cache
CWE ID-CWE-862
Missing Authorization
CVE-2025-66068
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.96%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:22
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress InstaWP Connect plugin <= 0.1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.

Action-Not Available
Vendor-InstaWP
Product-InstaWP Connect
CWE ID-CWE-862
Missing Authorization
CVE-2025-64375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.96%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 07:22
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Social Ninja plugin <= 3.20.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.

Action-Not Available
Vendor-Mahmudul Hasan Arif
Product-WP Social Ninja
CWE ID-CWE-862
Missing Authorization
CVE-2023-49848
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.43%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin <= 2.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marc dooder Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy woo-aliexpress-dropshipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through <= 2.1.1.

Action-Not Available
Vendor-Marc dooderwooproductimporter
Product-Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsysharkdropship_dropshipping_and_affiliate
CWE ID-CWE-862
Missing Authorization
CVE-2024-9161
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-19.98% / 95.52%
||
7 Day CHG-3.66%
Published-05 Oct, 2024 | 11:21
Updated-08 Apr, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.

Action-Not Available
Vendor-rankmathrankmath
Product-seoRank Math SEO – AI SEO Tools to Dominate SEO Rankings
CWE ID-CWE-862
Missing Authorization
CVE-2025-62049
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:55
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stylemix Cost Calculator Builder cost-calculator-builder.This issue affects Cost Calculator Builder: from n/a through <= 3.5.32.

Action-Not Available
Vendor-Stylemix
Product-Cost Calculator Builder
CWE ID-CWE-862
Missing Authorization
CVE-2025-62033
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:55
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.

Action-Not Available
Vendor-uxper
Product-Togo
CWE ID-CWE-862
Missing Authorization
CVE-2023-48779
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.43%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:30
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 360 Javascript Viewer plugin <= 1.7.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in 3DWeb 360 Javascript Viewer 360deg-javascript-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through <= 1.7.11.

Action-Not Available
Vendor-3DWebjavascript
Product-360 Javascript Viewer360_javascript_viewer
CWE ID-CWE-862
Missing Authorization
CVE-2024-9586
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 29.96%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 05:33
Updated-08 Apr, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-linkz.aivittor1olinkz.ai
Product-linkz.aiLinkz.ai – Automatic link previews on hoverlinkz.ai
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found