Search Results (8436 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-6964 2026-06-16 5.3 Medium
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain the site's Zoom SDK API key and a freshly-signed JWT that can be used with the Zoom Web SDK to join any Zoom meeting associated with those credentials without a legitimate invitation.
CVE-2026-52714 2026-06-16 7.5 High
Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.
CVE-2026-42651 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 6.3 Medium
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
CVE-2026-40793 2 Groundhogg, Wordpress 2 Groundhogg, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
CVE-2026-42640 2 Mamunur Rashid, Wordpress 2 Classified Listing, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
CVE-2026-42659 2 Nasirahmed, Wordpress 2 Advanced Form Integration, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
CVE-2026-48881 2 Themetechmount, Wordpress 2 Truebooker, Wordpress 2026-06-16 9.1 Critical
Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
CVE-2026-49065 2 Hippooo, Wordpress 2 Hippoo Mobile App For Woocommerce, Wordpress 2026-06-16 8.2 High
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
CVE-2026-34886 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
CVE-2026-40782 2 Greg Winiarski, Wordpress 2 Wpadverts, Wordpress 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
CVE-2026-40788 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-06-16 7.1 High
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
CVE-2026-40794 2 Mycred, Wordpress 2 Mycred, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
CVE-2026-34892 2 Rank Math Seo, Wordpress 2 Rank Math Seo, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
CVE-2026-40774 2 Saasproject, Wordpress 2 Booking Package, Wordpress 2026-06-16 7.5 High
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
CVE-2026-48883 2 Wordpress, Wpclever 2 Wordpress, Wpc Product Bundles For Woocommerce 2026-06-16 7.5 High
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
CVE-2026-49775 2026-06-16 6.5 Medium
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
CVE-2026-53821 1 Openclaw 1 Openclaw 2026-06-15 8.8 High
OpenClaw before 2026.5.18 accepts WebSocket client-declared operator scopes before binding to server-approved pairing or trusted-proxy authorization baseline. Unpaired or restricted trusted-proxy Control UI clients can obtain cached operator.admin authority on live WebSocket connections to execute admin-gated Gateway RPCs.
CVE-2026-40773 2026-06-15 6.5 Medium
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.
CVE-2026-46716 1 Nezhahq 1 Nezha 2026-06-15 9.9 Critical
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbitrary Command. At every tick of the scheduler, the dashboard pushes that command to every server in the global ServerShared map — including servers that belong to other tenants (admin's servers, other members' servers). Each agent runs the command and returns the output, which is then sent to the attacker's own NotificationGroup → attacker-controlled webhook. This issue has been patched in version 2.0.8.
CVE-2026-48119 1 Nezhahq 1 Nezha 2026-06-15 7.1 High
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12.