Search
Search Results (8201 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42659 | 2 Nasirahmed, Wordpress | 2 Advanced Form Integration, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions. | ||||
| CVE-2026-48881 | 2 Themetechmount, Wordpress | 2 Truebooker, Wordpress | 2026-06-16 | 9.1 Critical |
| Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | ||||
| CVE-2026-49065 | 2 Hippooo, Wordpress | 2 Hippoo Mobile App For Woocommerce, Wordpress | 2026-06-16 | 8.2 High |
| Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | ||||
| CVE-2026-34886 | 2 Wordpress, Wp.insider | 2 Wordpress, Simple Membership | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions. | ||||
| CVE-2026-39584 | 2 Webful Creations, Wordpress | 2 Repairbuddy, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions. | ||||
| CVE-2026-40782 | 2 Greg Winiarski, Wordpress | 2 Wpadverts, Wordpress | 2026-06-16 | 6.5 Medium |
| Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions. | ||||
| CVE-2026-40788 | 2 Quantumcloud, Wordpress | 2 Chatbot, Wordpress | 2026-06-16 | 7.1 High |
| Subscriber Broken Access Control in ChatBot <= 7.9.7 versions. | ||||
| CVE-2026-40794 | 2 Mycred, Wordpress | 2 Mycred, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in myCred <= 3.0.3 versions. | ||||
| CVE-2026-25440 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Essential Addons For Elementor | 2026-06-16 | 5.3 Medium |
| Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions. | ||||
| CVE-2026-34892 | 2 Rank Math Seo, Wordpress | 2 Rank Math Seo, Wordpress | 2026-06-16 | 6.5 Medium |
| Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions. | ||||
| CVE-2026-39503 | 2 Awesomemotive, Wordpress | 2 Easy Digital Downloads, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions. | ||||
| CVE-2026-40774 | 2 Saasproject, Wordpress | 2 Booking Package, Wordpress | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions. | ||||
| CVE-2026-48883 | 2 Wordpress, Wpclever | 2 Wordpress, Wpc Product Bundles For Woocommerce | 2026-06-16 | 7.5 High |
| Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions. | ||||
| CVE-2026-40795 | 2026-06-16 | 6.5 Medium | ||
| Subscriber Broken Access Control in Amelia <= 2.2 versions. | ||||
| CVE-2026-42666 | 2026-06-16 | 7.5 High | ||
| Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | ||||
| CVE-2026-48887 | 2026-06-16 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions. | ||||
| CVE-2026-49775 | 2026-06-16 | 6.5 Medium | ||
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | ||||
| CVE-2026-25425 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. | ||||
| CVE-2026-49070 | 2026-06-15 | 7.5 High | ||
| Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. | ||||
| CVE-2026-53821 | 1 Openclaw | 1 Openclaw | 2026-06-15 | 8.8 High |
| OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs. | ||||