Total
8047 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32380 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through <= 1.3.0. | |||||
| CVE-2026-32425 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3. | |||||
| CVE-2026-32375 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Diaries: from n/a through <= 1.2.4. | |||||
| CVE-2026-32428 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7. | |||||
| CVE-2026-32329 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related Posts: from n/a through <= 1.9.1. | |||||
| CVE-2026-32445 | 2026-04-22 | N/A | 2.7 LOW | ||
| Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5. | |||||
| CVE-2026-32446 | 2026-04-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3. | |||||
| CVE-2026-3977 | 2026-04-22 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2026-32339 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Bakes And Cakes bakes-and-cakes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bakes And Cakes: from n/a through <= 1.2.9. | |||||
| CVE-2026-32379 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2. | |||||
| CVE-2026-32381 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a through <= 1.2.2. | |||||
| CVE-2026-32350 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5. | |||||
| CVE-2026-2890 | 2026-04-22 | N/A | 7.5 HIGH | ||
| The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as complete based solely on the Stripe PaymentIntent status without comparing the intent's charged amount against the expected payment amount, and the `verify_intent()` function validating only client secret ownership without binding intents to specific forms or actions. This makes it possible for unauthenticated attackers to reuse a PaymentIntent from a completed low-value payment to mark a high-value payment as complete, effectively bypassing payment for goods or services. | |||||
| CVE-2026-32363 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1. | |||||
| CVE-2026-31919 | 2026-04-22 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1. | |||||
| CVE-2026-32382 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4. | |||||
| CVE-2026-32432 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42. | |||||
| CVE-2026-1870 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to disclose private or draft LearnPress course content by supplying post_status in the params_url payload. | |||||
| CVE-2026-32423 | 2026-04-22 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0. | |||||
| CVE-2026-32457 | 2026-04-22 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18. | |||||