Total
6969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32348 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2. | |||||
| CVE-2026-32410 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5. | |||||
| CVE-2026-3045 | 2026-03-16 | N/A | 7.5 HIGH | ||
| The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-bound `public_nonce` is exposed to unauthenticated users through the public `/wp-json/ssa/v1/embed-inner` REST endpoint, and (2) the `get_item()` method in `SSA_Settings_Api` relies on `nonce_permissions_check()` for authorization (which accepts the public nonce) but does not call `remove_unauthorized_settings_for_current_user()` to filter restricted fields. This makes it possible for unauthenticated attackers to access admin-only plugin settings including the administrator email, phone number, internal access tokens, notification configurations, and developer settings via the `/wp-json/ssa/v1/settings/{section}` endpoint. The exposure of appointment tokens also allows an attacker to modify or cancel appointments. | |||||
| CVE-2026-32461 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simple SSL: from n/a through <= 9.5.7. | |||||
| CVE-2026-32406 | 2026-03-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5. | |||||
| CVE-2026-4063 | 2026-03-16 | N/A | 4.3 MEDIUM | ||
| The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter. | |||||
| CVE-2026-32376 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9. | |||||
| CVE-2026-32404 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3. | |||||
| CVE-2026-32421 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1. | |||||
| CVE-2026-32337 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5. | |||||
| CVE-2026-32396 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13. | |||||
| CVE-2026-32402 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | |||||
| CVE-2026-32437 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1.3.3. | |||||
| CVE-2026-32487 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. | |||||
| CVE-2026-32338 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1. | |||||
| CVE-2026-32452 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0. | |||||
| CVE-2026-32486 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9. | |||||
| CVE-2026-32447 | 2026-03-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2. | |||||
| CVE-2026-32374 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9. | |||||
| CVE-2026-32346 | 2026-03-16 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through <= 1.5.5. | |||||