Total
8047 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32452 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0. | |||||
| CVE-2026-32486 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9. | |||||
| CVE-2026-32447 | 2026-04-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2. | |||||
| CVE-2026-32374 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9. | |||||
| CVE-2026-32336 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Rara Business rara-business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Business: from n/a through <= 1.3.0. | |||||
| CVE-2026-3226 | 2026-04-22 | N/A | 4.3 MEDIUM | ||
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check before dispatching to handler functions. The wp_rest nonce is embedded in the frontend JavaScript for all authenticated users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger arbitrary email notifications to admins, instructors, and users, enabling email flooding, social engineering, and impersonation of admin decisions regarding instructor requests. | |||||
| CVE-2026-32407 | 2026-04-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8. | |||||
| CVE-2026-32387 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46. | |||||
| CVE-2026-32377 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2. | |||||
| CVE-2026-32453 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0. | |||||
| CVE-2026-32439 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14. | |||||
| CVE-2026-32371 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elegant Pink: from n/a through <= 1.3.3. | |||||
| CVE-2026-32440 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1. | |||||
| CVE-2026-32370 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7. | |||||
| CVE-2026-32543 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Blocks: from n/a through <= 2.2.0. | |||||
| CVE-2026-32341 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Benevolent: from n/a through <= 1.3.9. | |||||
| CVE-2026-32390 | 2026-04-22 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2. | |||||
| CVE-2026-32362 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3. | |||||
| CVE-2026-1948 | 2026-04-22 | N/A | 4.3 MEDIUM | ||
| The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to to deactivate the plugin license. | |||||
| CVE-2026-32416 | 2026-04-22 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0. | |||||