The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,131 vulnerabilities with CWE-862
CVE-2026-49775
MEDIUM
WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-49070
HIGH
WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-49065
HIGH
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability
CVSS 8.2
CVE-2026-48887
MEDIUM
WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-48883
HIGH
WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-48881
CRITICAL
WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability
CVSS 9.1
CVE-2026-48873
HIGH
WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-48835
HIGH
WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-48709
LOW
OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration
CVSS 3.7
CVE-2026-42666
HIGH
WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-42664
HIGH
WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability
CVSS 8.2
CVE-2026-42659
MEDIUM
WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-42651
MEDIUM
WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability
CVSS 6.3
CVE-2026-42640
MEDIUM
WordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-40795
MEDIUM
WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-40794
MEDIUM
WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-40793
MEDIUM
WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-40788
HIGH
WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability
CVSS 7.1
CVE-2026-40782
MEDIUM
WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-40776
HIGH
WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-40775
HIGH
WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability
CVSS 7.3
CVE-2026-40774
HIGH
WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability
CVSS 7.5
CVE-2026-40773
MEDIUM
WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-40743
MEDIUM
WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-40741
HIGH
WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability
CVSS 7.5
Details
Vulnerabilities
8,131
Exploit Likelihood
High