The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,211 vulnerabilities with CWE-862
CVE-2026-39624
MEDIUM
WordPress Biolife theme <= 3.2.3 - Arbitrary Shortcode Execution vulnerability
CVSS 5.3
CVE-2026-39622
MEDIUM
WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39614
MEDIUM
WordPress JW Player for WordPress plugin <= 2.3.6 - Broken Access Control vulnerability
CVSS 5.4
CVE-2026-39612
MEDIUM
WordPress KuteShop theme <= 4.2.9 - Arbitrary Shortcode Execution vulnerability
CVSS 5.3
CVE-2026-39610
MEDIUM
WordPress WpXmas-Snow plugin <= 1.1 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39609
MEDIUM
WordPress Wava Payment plugin <= 0.3.7 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39608
MEDIUM
WordPress iPOSpays Gateways WC plugin <= 1.3.7 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39607
MEDIUM
WordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerability
CVSS 5.4
CVE-2026-39606
MEDIUM
WordPress BizReview plugin <= 1.5.13 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39605
MEDIUM
WordPress Super Custom Login plugin <= 1.1 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39602
MEDIUM
WordPress Order Tracking plugin <= 3.4.3 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39592
MEDIUM
WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability
CVSS 4.3
CVE-2026-39588
MEDIUM
WordPress NM Gift Registry and Wishlist Lite plugin <= 5.13 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39585
MEDIUM
WordPress Booktics plugin <= 1.0.16 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39569
MEDIUM
WordPress 12 Step Meeting List plugin <= 3.19.9 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-39565
MEDIUM
WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability
CVSS 4.3
CVE-2026-39563
MEDIUM
WordPress Share This Image plugin <= 2.12 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39562
MEDIUM
WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.10 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39561
MEDIUM
WordPress Revive.so plugin <= 2.0.7 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39543
MEDIUM
WordPress Tourfic plugin <= 2.21.4 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39535
MEDIUM
WordPress Display Eventbrite Events plugin <= 6.5.6 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39528
MEDIUM
WordPress WP Delicious plugin <= 1.9.5 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39520
MEDIUM
WordPress weDocs plugin <= 2.1.18 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39509
MEDIUM
WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39506
MEDIUM
WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability
CVSS 4.3
Details
Vulnerabilities
8,211
Exploit Likelihood
High