Total: 6980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6279 | 1 Woostify | 1 Sites Library | 2026-02-20 | N/A | 7.1 HIGH |
| The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name. | |||||
| CVE-2026-27181 | 1 Mjdm | 1 Majordomo | 2026-02-20 | N/A | 7.5 HIGH |
| MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin() method reads gr('mode') from $_REQUEST and assigns it to $this->mode at the start of execution, making all mode-gated code paths reachable without authentication via the /objects/?module=market endpoint. The uninstall mode handler calls uninstallPlugin(), which deletes module records from the database, executes the module's uninstall() method via eval(), recursively deletes the module's directory and template files using removeTree(), and removes associated cycle scripts. An attacker can iterate through module names and wipe the entire MajorDoMo installation with a series of unauthenticated GET requests. | |||||
| CVE-2026-25768 | 1 84codes | 1 Lavinmq | 2026-02-20 | N/A | 6.5 MEDIUM |
| LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6. | |||||
| CVE-2026-27387 | | | 2026-02-20 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through <= 3.6.26. | |||||
| CVE-2026-27055 | | | 2026-02-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0. | |||||
| CVE-2026-23547 | | | 2026-02-20 | N/A | 7.1 HIGH |
| Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8. | |||||
| CVE-2026-25330 | | | 2026-02-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Authors: from n/a through <= 4.10.1. | |||||
| CVE-2026-25315 | | | 2026-02-20 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects hCaptcha for WP: from n/a through <= 4.22.0. | |||||
| CVE-2026-25313 | | | 2026-02-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentForm: from n/a through <= 6.1.14. | |||||
| CVE-2025-68834 | | | 2026-02-20 | N/A | N/A |
| Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3. | |||||
| CVE-2025-65036 | 1 Xwiki | 1 Pro Macros | 2026-02-20 | N/A | 8.3 HIGH |
| XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1. | |||||
| CVE-2026-26977 | 1 Frappe | 1 Learning | 2026-02-20 | N/A | 5.3 MEDIUM |
| Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release. | |||||
| CVE-2026-25420 | | | 2026-02-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: from n/a through <= 1.7.18. | |||||
| CVE-2026-25388 | | | 2026-02-20 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads Pro: from n/a through <= 5.0. | |||||
| CVE-2026-25364 | | | 2026-02-20 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8. | |||||
| CVE-2025-70148 | 1 Codeastro | 1 Membership Management System | 2026-02-20 | N/A | 7.5 HIGH |
| Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure direct object reference (IDOR). | |||||
| CVE-2026-2819 | | | 2026-02-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-27328 | | | 2026-02-20 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EduBlink: from n/a through <= 2.0.7. | |||||
| CVE-2026-27056 | | | 2026-02-19 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through <= 3.2.8. | |||||
| CVE-2026-25348 | | | 2026-02-19 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Alt Text AI: from n/a through <= 1.10.15. | |||||
