The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
7,701 vulnerabilities with CWE-862
CVE-2026-39680
MEDIUM
WordPress Diet Calorie Calculator plugin <= 1.1.1 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39678
MEDIUM
WordPress Pinpoint Booking System plugin <= 2.9.9.6.5 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39676
MEDIUM
WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39675
MEDIUM
WordPress Court Reservation plugin <= 1.10.11 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39673
MEDIUM
WordPress iZooto plugin <= 3.7.20 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39672
MEDIUM
WordPress ShipTime: Discounted Shipping Rates plugin <= 1.1.1 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39669
MEDIUM
WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39668
MEDIUM
WordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39664
MEDIUM
WordPress Leadrebel plugin <= 1.0.2 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39663
MEDIUM
WordPress TrueBooker plugin <= 1.1.5 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39662
MEDIUM
WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39660
MEDIUM
WordPress WP Job Manager plugin <= 2.4.1 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39659
MEDIUM
WordPress Ultimate Member plugin <= 2.11.3 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39658
MEDIUM
WordPress Panda Pods Repeater Field plugin <= 1.5.12 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39657
MEDIUM
WordPress leadlovers forms plugin <= 1.0.2 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39656
MEDIUM
WordPress Razorpay for WooCommerce plugin <= 4.8.2 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39653
MEDIUM
WordPress Video Conferencing with Zoom plugin <= 4.6.6 - Broken Access Control vulnerability
CVSS 4.3
CVE-2026-39652
MEDIUM
WordPress iGMS Direct Booking plugin <= 1.3 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39651
MEDIUM
WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability
CVSS 6.5
CVE-2026-39650
MEDIUM
WordPress UnitechPay plugin <= 1.0.2 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39649
MEDIUM
WordPress Royale News theme <= 2.2.4 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39648
MEDIUM
WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39644
MEDIUM
WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39643
MEDIUM
WordPress Payment Plugins for PayPal WooCommerce plugin <= 2.0.13 - Broken Access Control vulnerability
CVSS 5.3
CVE-2026-39639
MEDIUM
WordPress RPS Include Content plugin <= 1.2.2 - Broken Access Control vulnerability
CVSS 6.5
Details
Vulnerabilities
7,701
Exploit Likelihood
High