Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-57797

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-13 Jul, 2026 | 08:41
Updated At-13 Jul, 2026 | 14:01
Rejected At-
Credits

WordPress EduMall theme <= 4.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:13 Jul, 2026 | 08:41
Updated At:13 Jul, 2026 | 14:01
Rejected At:
â–¼CVE Numbering Authority (CNA)
WordPress EduMall theme <= 4.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1.

Affected Products
Vendor
ThemeMove
Product
EduMall
Collection URL
https://themeforest.net
Package Name
edumall
Default Status
unaffected
Versions
Affected
  • From 0 through 4.5.1 (custom)
    • -> unaffectedfrom4.5.2
Problem Types
TypeCWE IDDescription
CWECWE-862Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: Exploiting Incorrectly Configured Access Control Security Levels
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Nguyen Ba Khanh | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://patchstack.com/database/Wordpress/Theme/edumall/vulnerability/wordpress-edumall-theme-4-5-0-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Theme/edumall/vulnerability/wordpress-edumall-theme-4-5-0-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:13 Jul, 2026 | 10:16
Updated At:13 Jul, 2026 | 16:57

Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through <= 4.5.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
N/A
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-862Secondaryaudit@patchstack.com
CWE ID: CWE-862
Type: Secondary
Source: audit@patchstack.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Theme/edumall/vulnerability/wordpress-edumall-theme-4-5-0-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Theme/edumall/vulnerability/wordpress-edumall-theme-4-5-0-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

90Records found

CVE-2025-58210
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 14.66%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 06:58
Updated-12 May, 2026 | 00:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5.

Action-Not Available
Vendor-thememoveThemeMove
Product-makeaholicMakeaholic
CWE ID-CWE-862
Missing Authorization
CVE-2025-57961
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 33.04%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CoDesigner plugin <= 4.29 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29.

Action-Not Available
Vendor-Codexpert, Inc
Product-CoDesigner
CWE ID-CWE-862
Missing Authorization
CVE-2024-5855
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 30.25%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 02:03
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Media Hygiene <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion

The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.

Action-Not Available
Vendor-sluimedia_hygiene
Product-Media Hygiene: Remove or Delete Unused Images and More!media_hygiene
CWE ID-CWE-862
Missing Authorization
CVE-2023-35045
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.74%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 23:50
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fat Rat Fat Rat Collect.This issue affects Fat Rat Collect: from n/a through 2.6.7.

Action-Not Available
Vendor-Fat Rat
Product-Fat Rat Collect
CWE ID-CWE-862
Missing Authorization
CVE-2025-54705
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 16.03%
||
7 Day CHG+0.02%
Published-14 Aug, 2025 | 10:34
Updated-12 May, 2026 | 00:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 4.4.6.

Action-Not Available
Vendor-MagePeople
Product-WpEvently
CWE ID-CWE-862
Missing Authorization
CVE-2025-53221
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 22.54%
||
7 Day CHG+0.02%
Published-14 Aug, 2025 | 18:22
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CodeablePress plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CodeablePress: from n/a through <= 1.0.2.

Action-Not Available
Vendor-codeablepress
Product-CodeablePress
CWE ID-CWE-862
Missing Authorization
CVE-2025-53266
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 21.40%
||
7 Day CHG+0.01%
Published-27 Jun, 2025 | 13:21
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cron Logger plugin <= 1.3.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in EdwardBock Cron Logger cron-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cron Logger: from n/a through <= 1.3.0.

Action-Not Available
Vendor-EdwardBock
Product-Cron Logger
CWE ID-CWE-862
Missing Authorization
CVE-2023-46188
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 33.29%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3.

Action-Not Available
Vendor-Jose Mortellaro
Product-Freesoul Deactivate Plugins – Plugin manager and cleanup
CWE ID-CWE-862
Missing Authorization
CVE-2025-49969
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 21.40%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zara 4 Image Compression: from n/a through <= 1.2.17.2.

Action-Not Available
Vendor-Zara 4
Product-Zara 4 Image Compression
CWE ID-CWE-862
Missing Authorization
CVE-2025-49907
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 20.49%
||
7 Day CHG+0.01%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.3.9.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-MDTF
CWE ID-CWE-862
Missing Authorization
CVE-2025-49350
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 24.92%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 14:52
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through <= 2.3.3.

Action-Not Available
Vendor-marcoingraiti
Product-Actionwear products sync
CWE ID-CWE-862
Missing Authorization
CVE-2025-48262
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 16.75%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Url Rewrite Analyzer plugin <= 1.3.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in M.Code Url Rewrite Analyzer url-rewrite-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Url Rewrite Analyzer: from n/a through <= 1.3.3.

Action-Not Available
Vendor-M.Code
Product-Url Rewrite Analyzer
CWE ID-CWE-862
Missing Authorization
CVE-2023-2275
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 37.40%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 05:33
Updated-08 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes.

Action-Not Available
Vendor-wcloverswclovers
Product-woocommerce_multivendor_marketplaceWCFM – Multivendor Marketplace REST API for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-48138
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 20.40%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-12 May, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BERTHA AI plugin <= 1.13 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.

Action-Not Available
Vendor-berthaBertha AI – Andrew Palmer
Product-bertha_aiBERTHA AI
CWE ID-CWE-862
Missing Authorization
CVE-2026-6667
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 20.70%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 00:43
Updated-14 May, 2026 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users parameter.

Action-Not Available
Vendor-pgbouncern/a
Product-pgbouncerPgBouncer
CWE ID-CWE-862
Missing Authorization
CVE-2026-59226
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-0.30% / 22.29%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 16:06
Updated-10 Jul, 2026 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: Scheduled automations continue after pending-user deactivation and stored model ACL revocation

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, execute_automation rehydrated automation owners without rechecking that they were still active or still had features.automations, and check_model_access only enforced private-model grants for the exact user role, allowing deactivated pending users to continue scheduled model execution. This issue is fixed in version 0.10.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-59227
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 17.38%
||
7 Day CHG~0.00%
Published-09 Jul, 2026 | 15:56
Updated-14 Jul, 2026 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: POST /api/v1/images/edit bypasses the global image-edit switch and the per-user image-generation permission

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.11 before 0.10.0, POST /api/v1/images/edit required only a verified account and did not enforce the global image-edit switch or the per-user image-generation permission, allowing a non-admin user to invoke server-side image editing with administrator-configured provider credentials. This issue is fixed in version 0.10.0.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-5856
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 32.59%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 08:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Comment Images Reloaded <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary media attachments.

Action-Not Available
Vendor-wppuzzle
Product-Comment Images Reloaded
CWE ID-CWE-862
Missing Authorization
CVE-2025-31830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 38.45%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:51
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Printus Plugin <= 1.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Uriahs Victor Printus printus-cloud-printing-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printus: from n/a through <= 1.2.6.

Action-Not Available
Vendor-Uriahs Victor
Product-Printus
CWE ID-CWE-862
Missing Authorization
CVE-2025-31546
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 26.80%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 12:55
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Swiss Toolkit For WP plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Messiah Swiss Toolkit For WP swiss-toolkit-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Swiss Toolkit For WP: from n/a through <= 1.4.0.

Action-Not Available
Vendor-WP Messiah
Product-Swiss Toolkit For WP
CWE ID-CWE-862
Missing Authorization
CVE-2025-31866
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 28.94%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce ship-depot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipDepot for WooCommerce: from n/a through <= 1.2.19.

Action-Not Available
Vendor-Ship Depot
Product-ShipDepot for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-31854
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 28.94%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 14:52
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce sticky-add-to-cart-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through <= 1.4.9.

Action-Not Available
Vendor-Sharaz Shahid
Product-Simple Sticky Add To Cart For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-30978
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 23.32%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slack Notifications by dorzki plugin <= 2.0.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki dorzki-notifications-to-slack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slack Notifications by dorzki: from n/a through <= 2.0.7.

Action-Not Available
Vendor-Dor Zuberi
Product-Slack Notifications by dorzki
CWE ID-CWE-862
Missing Authorization
CVE-2025-28938
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 28.94%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 21:01
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bjoern WP Performance Pack wp-performance-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Performance Pack: from n/a through <= 2.5.3.

Action-Not Available
Vendor-Bjoern
Product-WP Performance Pack
CWE ID-CWE-862
Missing Authorization
CVE-2026-57720
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 10.39%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 16:55
Updated-01 Jul, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ThumbPress plugin <= 6.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2.

Action-Not Available
Vendor-Codexpert Inc
Product-ThumbPress
CWE ID-CWE-862
Missing Authorization
CVE-2023-47647
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 35.35%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BadgeOS plugin <= 3.7.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6.

Action-Not Available
Vendor-LearningTimes
Product-BadgeOS
CWE ID-CWE-862
Missing Authorization
CVE-2025-26901
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 25.80%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 19:28
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Brizy Pro plugin <= 2.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.

Action-Not Available
Vendor-brizyBrizy
Product-brizyBrizy Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-26955
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 24.48%
||
7 Day CHG+0.02%
Published-15 Apr, 2025 | 11:59
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Industrial Lite theme <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb Industrial Lite industrial-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Industrial Lite: from n/a through <= 1.0.8.

Action-Not Available
Vendor-vowelweb
Product-Industrial Lite
CWE ID-CWE-862
Missing Authorization
CVE-2025-22800
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 29.97%
||
7 Day CHG+0.01%
Published-13 Jan, 2025 | 13:11
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 2.9.11.

Action-Not Available
Vendor-wpexpertsSaad Iqbal
Product-post_smtpPost SMTP
CWE ID-CWE-862
Missing Authorization
CVE-2023-35052
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 39.04%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directorist plugin <= 7.5.4 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4.

Action-Not Available
Vendor-wpWax - WP Business Directory Plugin and Classified Listings Directory
Product-Directorist
CWE ID-CWE-862
Missing Authorization
CVE-2026-25420
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 15.06%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.

Action-Not Available
Vendor-MailerLite
Product-MailerLite
CWE ID-CWE-862
Missing Authorization
CVE-2024-7605
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 34.61%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 11:00
Updated-08 Apr, 2026 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update

The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service.

Action-Not Available
Vendor-helloassohelloasso
Product-helloassoHelloAsso
CWE ID-CWE-862
Missing Authorization
CVE-2024-43118
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 41.56%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hummingbird hummingbird-performance.This issue affects Hummingbird: from n/a through <= 3.9.1.

Action-Not Available
Vendor-WPMU DEV - Your All-in-One WordPress PlatformIncsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2024-54402
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.59% / 44.36%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-11 May, 2026 | 22:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arabic Webfonts plugin <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6.

Action-Not Available
Vendor-Mohamed Abd Elhalim
Product-Arabic Webfonts
CWE ID-CWE-862
Missing Authorization
CVE-2024-55994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 37.53%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 畅言评论系统 plugin <= 2.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in sohu 畅言评论系统 changyan allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through <= 2.0.5.

Action-Not Available
Vendor-sohu
Product-畅言评论系统
CWE ID-CWE-862
Missing Authorization
CVE-2024-56219
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 25.52%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:22
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through <= 4.0.6.1.

Action-Not Available
Vendor-Marketing Fire
Product-Widget Options
CWE ID-CWE-862
Missing Authorization
CVE-2024-5489
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.45% / 36.56%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 11:33
Updated-08 Apr, 2026 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.

Action-Not Available
Vendor-wbcomdesignswbcomdesigns
Product-custom_font_uploaderWbcom Designs – Custom Font Uploader
CWE ID-CWE-862
Missing Authorization
CVE-2024-54679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.92% / 56.43%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 00:00
Updated-05 Sep, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.

Action-Not Available
Vendor-n/aCyberPersons LLC
Product-cyberpaneln/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-56217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 19.87%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:21
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.03.

Action-Not Available
Vendor-ShahjadaW3 Eden, Inc.
Product-download_managerDownload Manager
CWE ID-CWE-862
Missing Authorization
CVE-2026-39653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 8.26%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Conferencing with Zoom plugin <= 4.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.

Action-Not Available
Vendor-Deepen Bajracharya
Product-Video Conferencing with Zoom
CWE ID-CWE-862
Missing Authorization
CVE-2024-43332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 41.24%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.

Action-Not Available
Vendor-meowappsJordy Meow
Product-photo_enginePhoto Engine
CWE ID-CWE-862
Missing Authorization
CVE-2024-33573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 29.91%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 13:38
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1.

Action-Not Available
Vendor-EPROLO
Product-EPROLO Dropshipping
CWE ID-CWE-862
Missing Authorization
CVE-2024-32524
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 37.01%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:29
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.

Action-Not Available
Vendor-Nuggethon
Product-Custom Order Statuses for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-32432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.46% / 37.06%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:38
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.This issue affects Ovic Addon Toolkit: from n/a through 2.6.1.

Action-Not Available
Vendor-Ovic Team
Product-Ovic Addon Toolkit
CWE ID-CWE-862
Missing Authorization
CVE-2024-29240
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.68% / 48.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:28
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-862
Missing Authorization
CVE-2026-25375
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 15.06%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10.

Action-Not Available
Vendor-WP Chill
Product-Image Photo Gallery Final Tiles Grid
CWE ID-CWE-862
Missing Authorization
CVE-2026-25387
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 23.59%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimizer by Elementor: from n/a through <= 1.7.1.

Action-Not Available
Vendor-Elementor
Product-Image Optimizer by Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2026-25399
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 15.06%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:27
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.

Action-Not Available
Vendor-CryoutCreations
Product-Serious Slider
CWE ID-CWE-862
Missing Authorization
CVE-2026-24995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 9.34%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Latest Post Shortcode plugin <= 14.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.0.

Action-Not Available
Vendor-Iulia Cazan
Product-Latest Post Shortcode
CWE ID-CWE-862
Missing Authorization
CVE-2024-43119
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 37.85%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Aruba HiSpeed Cache plugin <= 2.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.

Action-Not Available
Vendor-Aruba.it
Product-Aruba HiSpeed Cache
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found