Total
7227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2373 | | | 2026-03-17 | N/A | 5.3 MEDIUM |
| The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1049 via the get_main_query_args() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract contents of non-public custom post types, such as Contact Form 7 submissions or WooCommerce coupons. | |||||
| CVE-2026-32583 | | | 2026-03-17 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modern Events Calendar: from n/a through 7.29.0. | |||||
| CVE-2026-4202 | | | 2026-03-17 | N/A | N/A |
| The extension fails to verify whether an authenticated user has permission to access redirects, resulting in exposure of redirect records when editing a page. | |||||
| CVE-2026-32131 | 1 Zitadel | 1 Zitadel | 2026-03-16 | N/A | 7.7 HIGH |
| ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) to retrieve management-plane information belonging to other organizations by specifying a different tenant’s project_id, grant_id, or app_id. This vulnerability is fixed in 3.4.8 and 4.12.2. | |||||
| CVE-2026-32394 | | | 2026-03-16 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PublishPress Capabilities: from n/a through <= 2.31.0. | |||||
| CVE-2026-32390 | | | 2026-03-16 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nanosoft: from n/a through < 1.3.2. | |||||
| CVE-2026-32385 | | | 2026-03-16 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | |||||
| CVE-2026-32373 | | | 2026-03-16 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0. | |||||
| CVE-2026-32329 | | | 2026-03-16 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Related Posts: from n/a through <= 1.9.1. | |||||
| CVE-2026-31919 | | | 2026-03-16 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.7.1. | |||||
| CVE-2026-2890 | | | 2026-03-16 | N/A | 7.5 HIGH |
| The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as complete based solely on the Stripe PaymentIntent status without comparing the intent's charged amount against the expected payment amount, and the `verify_intent()` function validating only client secret ownership without binding intents to specific forms or actions. This makes it possible for unauthenticated attackers to reuse a PaymentIntent from a completed low-value payment to mark a high-value payment as complete, effectively bypassing payment for goods or services. | |||||
| CVE-2026-31915 | | | 2026-03-16 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flatsome: from n/a through <= 3.19.6. | |||||
| CVE-2026-31916 | | | 2026-03-16 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Latest Post Shortcode: from n/a through <= 14.2.1. | |||||
| CVE-2026-32391 | | | 2026-03-16 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SmartFix: from n/a through < 1.2.4. | |||||
| CVE-2026-32487 | | | 2026-03-16 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Lawyer Landing Page: from n/a through <= 1.2.7. | |||||
| CVE-2026-32386 | | | 2026-03-16 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Extra: from n/a through <= 1.9.13. | |||||
| CVE-2026-32379 | | | 2026-03-16 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rara Academic: from n/a through <= 1.2.2. | |||||
| CVE-2026-32341 | | | 2026-03-16 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in raratheme Benevolent benevolent allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Benevolent: from n/a through <= 1.3.9. | |||||
| CVE-2026-32331 | | | 2026-03-16 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Textmetrics: from n/a through <= 3.6.4. | |||||
| CVE-2026-32402 | | | 2026-03-16 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Slider by Ays: from n/a through <= 2.7.1. | |||||
