Common Weakness Enumeration

CWE-862

Allowed-with-Review

Missing Authorization

Abstraction: Class · Status: Incomplete

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

14573 vulnerabilities reference this CWE, most recent first.

CVE-2026-4484 (GCVE-0-2026-4484)

Vulnerability from cvelistv5 – Published: 2026-03-26 01:25 – Updated: 2026-04-08 16:42
VLAI
Title
Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator
Summary
The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Hunter Jensen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T17:36:49.719811Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T17:51:16.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Masteriyo LMS \u2013 Online Course Builder for eLearning, LMS \u0026 Education",
          "vendor": "masteriyo",
          "versions": [
            {
              "lessThanOrEqual": "2.1.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hunter Jensen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the \u0027InstructorsController::prepare_object_for_database\u0027 function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:42:43.176Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/265be0af-66a4-4636-ab81-f8e2c5a1282e?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/learning-management-system/tags/2.1.6/includes/RestApi/Controllers/Version1/InstructorsController.php#L305"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3490792/learning-management-system/trunk/includes/RestApi/Controllers/Version1/InstructorsController.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-20T15:14:38.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-03-25T12:44:04.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Masteriyo LMS \u003c= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4484",
    "datePublished": "2026-03-26T01:25:33.967Z",
    "dateReserved": "2026-03-20T07:04:46.566Z",
    "dateUpdated": "2026-04-08T16:42:43.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4365 (GCVE-0-2026-4365)

Vulnerability from cvelistv5 – Published: 2026-04-14 01:24 – Updated: 2026-04-14 13:48
VLAI
Title
LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion
Summary
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visitors, and uses that nonce as the only security gate for the `lp-load-ajax` AJAX dispatcher. The `delete_question_answer` action has no capability or ownership check. This makes it possible for unauthenticated attackers to delete any quiz answer option by sending a crafted POST request with a publicly available nonce.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Supakiad S.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4365",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T13:47:01.056961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T13:48:54.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses",
          "vendor": "thimpress",
          "versions": [
            {
              "lessThanOrEqual": "4.3.2.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Supakiad S."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visitors, and uses that nonce as the only security gate for the `lp-load-ajax` AJAX dispatcher. The `delete_question_answer` action has no capability or ownership check. This makes it possible for unauthenticated attackers to delete any quiz answer option by sending a crafted POST request with a publicly available nonce."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T01:24:59.735Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/021bd566-1663-46ba-a616-ab554b691cbb?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/Ajax/EditQuestionAjax.php#L285"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/Ajax/AbstractAjax.php#L33"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/class-lp-assets.php#L177"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-17T21:00:54.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-04-13T12:59:29.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "LearnPress \u003c= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4365",
    "datePublished": "2026-04-14T01:24:59.735Z",
    "dateReserved": "2026-03-17T20:45:25.774Z",
    "dateUpdated": "2026-04-14T13:48:54.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4362 (GCVE-0-2026-4362)

Vulnerability from cvelistv5 – Published: 2026-05-05 04:27 – Updated: 2026-05-05 15:10
VLAI
Title
ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite
Summary
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress `init` action and triggers when both `post` and `action=elementor` GET parameters are present, with no authentication or nonce verification. This makes it possible for unauthenticated attackers to overwrite the Elementor content (`_elementor_data`) of any `elementskit_widget` custom post type by visiting a specially crafted URL. The widget's custom designs, text, and configurations are permanently replaced with a blank template.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Jack Pas
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4362",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-05T15:09:46.346182Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-05T15:10:20.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ElementsKit Elementor Addons \u2013 Advanced Widgets \u0026 Templates Addons for Elementor",
          "vendor": "roxnor",
          "versions": [
            {
              "lessThanOrEqual": "3.8.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jack Pas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress `init` action and triggers when both `post` and `action=elementor` GET parameters are present, with no authentication or nonce verification. This makes it possible for unauthenticated attackers to overwrite the Elementor content (`_elementor_data`) of any `elementskit_widget` custom post type by visiting a specially crafted URL. The widget\u0027s custom designs, text, and configurations are permanently replaced with a blank template."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-05T04:27:56.288Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7740fdfb-65b2-4d27-935f-b0e73487f0c4?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.8.0/modules/widget-builder/live-action.php#L27"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.8.0/modules/widget-builder/live-action.php#L10"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.8.0/modules/widget-builder/init.php#L37"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3499543/elementskit-lite/trunk/modules/widget-builder/live-action.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Felementskit-lite/tags/3.8.2\u0026new_path=%2Felementskit-lite/tags/3.9.0"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-17T20:33:02.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-05-04T16:06:48.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "ElementsKit Elementor Addons \u003c= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4362",
    "datePublished": "2026-05-05T04:27:56.288Z",
    "dateReserved": "2026-03-17T20:15:55.299Z",
    "dateUpdated": "2026-05-05T15:10:20.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4331 (GCVE-0-2026-4331)

Vulnerability from cvelistv5 – Published: 2026-03-26 03:37 – Updated: 2026-04-08 17:02
VLAI
Title
Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action
Summary
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both of which are available to Subscriber-level users, as the plugin grants 'blog2social_access' capability to all roles upon activation, allowing them to access the plugin's admin pages where the nonce is output. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all _b2s_post_meta records from the wp_postmeta table, permanently removing all custom social media meta tags for every post on the site.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Mariusz Maik
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:58:57.835307Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:59:06.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Blog2Social: Social Media Auto Post \u0026 Scheduler",
          "vendor": "pr-gateway",
          "versions": [
            {
              "lessThanOrEqual": "8.8.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mariusz Maik"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Blog2Social: Social Media Auto Post \u0026 Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the \u0027read\u0027 capability and a valid b2s_security_nonce, both of which are available to Subscriber-level users, as the plugin grants \u0027blog2social_access\u0027 capability to all roles upon activation, allowing them to access the plugin\u0027s admin pages where the nonce is output. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all _b2s_post_meta records from the wp_postmeta table, permanently removing all custom social media meta tags for every post on the site."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:02:57.800Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc46bc4-ecfb-438f-b951-7b957489cd96?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L1290"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L1290"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L1281"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L1281"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L37"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L37"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Loader.php#L2202"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Loader.php#L2202"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.3/includes/Ajax/Post.php#L1301"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-17T14:08:09.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-03-25T14:26:40.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Blog2Social: Social Media Auto Post \u0026 Scheduler \u003c= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via \u0027b2s_reset_social_meta_tags\u0027 AJAX Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4331",
    "datePublished": "2026-03-26T03:37:27.541Z",
    "dateReserved": "2026-03-17T13:53:00.541Z",
    "dateUpdated": "2026-04-08T17:02:57.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4326 (GCVE-0-2026-4326)

Vulnerability from cvelistv5 – Published: 2026-04-09 01:25 – Updated: 2026-04-09 13:50
VLAI
Title
Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins'
Summary
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can('install_plugins') capability check does not terminate execution when it fails — it only sets an error message variable while allowing the plugin installation and activation code to execute. The error response is only sent after the installation and activation have already completed. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins from the WordPress.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
webilia Vertex Addons for Elementor Affected: 0 , ≤ 1.6.4 (semver)
Create a notification for this product.
Credits
Athiwat Tiprasaharn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4326",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T13:50:00.630747Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-09T13:50:45.630Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vertex Addons for Elementor",
          "vendor": "webilia",
          "versions": [
            {
              "lessThanOrEqual": "1.6.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Athiwat Tiprasaharn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. This is due to improper authorization enforcement in the activate_required_plugins() function. Specifically, the current_user_can(\u0027install_plugins\u0027) capability check does not terminate execution when it fails \u2014 it only sets an error message variable while allowing the plugin installation and activation code to execute. The error response is only sent after the installation and activation have already completed. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins from the WordPress."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T01:25:55.660Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb409f0-ccbd-4dfa-b097-b29ee539daa3?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L264"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L264"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L278"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L278"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L229"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L229"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/trunk/app/Ajax.php#L232"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor-builder/tags/1.6.4/app/Ajax.php#L232"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3491143%40addons-for-elementor-builder\u0026new=3491143%40addons-for-elementor-builder\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-23T23:52:28.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-04-08T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Vertex Addons for Elementor \u003c= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via \u0027afeb_activate_required_plugins\u0027"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4326",
    "datePublished": "2026-04-09T01:25:55.660Z",
    "dateReserved": "2026-03-17T13:09:41.727Z",
    "dateUpdated": "2026-04-09T13:50:45.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4309 (GCVE-0-2026-4309)

Vulnerability from cvelistv5 – Published: 2026-03-27 11:46 – Updated: 2026-04-10 04:10
VLAI
Summary
Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
NEC
Impacted products
Vendor Product Version
NEC Platforms, Ltd. Aterm W1200EX(-MS) Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HP2 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1900HP Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HS2 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1800HP3 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HP3 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1900HP2 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HS3 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1800HP4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HP4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200HS4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WX1500HP Affected: Before Ver. 1.4.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HS Affected: Before Ver. 1.7.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WF1200CR Affected: Before Ver. 1.6.0
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200CR Affected: Before Ver. 1.5.0
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HP4 Affected: Before Ver. 1.4.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HM4 Affected: Before Ver. 1.4.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG2600HS2 Affected: Before Ver. 1.3.2
Create a notification for this product.
NEC Platforms, Ltd. Aterm WX3000HP Affected: Before Ver. 2.5.0
Create a notification for this product.
NEC Platforms, Ltd. Aterm WX3600HP Affected: Before Ver. 1.5.3
Create a notification for this product.
NEC Platforms, Ltd. Aterm GX1200HP Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm GX1200HS4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm WG1200DM4 Affected: All versions
Create a notification for this product.
NEC Platforms, Ltd. Aterm GB1200PE Affected: Before Ver. 1.3.1
Create a notification for this product.
Credits
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4309",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T12:00:30.434329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T12:15:32.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Aterm W1200EX(-MS)",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HP2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1900HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HS2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1800HP3",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HP3",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1900HP2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HS3",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1800HP4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HP4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200HS4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WX1500HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.4.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HS",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.7.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WF1200CR",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.6.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200CR",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HP4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.4.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HM4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.4.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG2600HS2",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.3.2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WX3000HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 2.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WX3600HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.5.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm GX1200HP",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm GX1200HS4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm WG1200DM4",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Aterm GB1200PE",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Before Ver. 1.3.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
            }
          ],
          "value": "Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T04:10:43.726Z",
        "orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
        "shortName": "NEC"
      },
      "references": [
        {
          "url": "https://jpn.nec.com/security-info/secinfo/nv26-001_en.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
    "assignerShortName": "NEC",
    "cveId": "CVE-2026-4309",
    "datePublished": "2026-03-27T11:46:26.310Z",
    "dateReserved": "2026-03-17T01:53:09.153Z",
    "dateUpdated": "2026-04-10T04:10:43.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4301 (GCVE-0-2026-4301)

Vulnerability from cvelistv5 – Published: 2026-05-12 07:48 – Updated: 2026-05-12 12:56
VLAI
Title
Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter
Summary
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in() check. When the 'form' parameter is set to 'update', the function takes an arbitrary post ID from the user-supplied 'rating_id' GET parameter, sets it as the post ID in the update array, and passes it directly to wp_update_post(). This overwrites the target post's title, content, author (changed to the attacker's user ID), post_type (changed to the plugin's custom post type, default 'review'), and status. Additionally, update_post_meta() is called on the arbitrary post ID at lines 758-763, modifying its metadata. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title, content, author, post type, and metadata of arbitrary posts and pages on the site via the 'rating_id' parameter, effectively allowing full post content takeover.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Cipher Forensic
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4301",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T12:56:10.766366Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:56:54.390Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Rate Star Review Vote \u2013 AJAX Reviews, Votes, Star Ratings",
          "vendor": "videowhisper",
          "versions": [
            {
              "lessThanOrEqual": "1.6.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cipher Forensic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsr_review() AJAX handler lacks both capability checks and nonce verification. The only access control is an is_user_logged_in() check. When the \u0027form\u0027 parameter is set to \u0027update\u0027, the function takes an arbitrary post ID from the user-supplied \u0027rating_id\u0027 GET parameter, sets it as the post ID in the update array, and passes it directly to wp_update_post(). This overwrites the target post\u0027s title, content, author (changed to the attacker\u0027s user ID), post_type (changed to the plugin\u0027s custom post type, default \u0027review\u0027), and status. Additionally, update_post_meta() is called on the arbitrary post ID at lines 758-763, modifying its metadata. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the title, content, author, post type, and metadata of arbitrary posts and pages on the site via the \u0027rating_id\u0027 parameter, effectively allowing full post content takeover."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T07:48:17.336Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/107cb15f-4b2e-4ed4-8e8a-4f716f4873db?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/rate-star-review/trunk/rate-star-review.php#L754"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/rate-star-review/tags/1.6.4/rate-star-review.php#L754"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/rate-star-review/trunk/rate-star-review.php#L730"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/rate-star-review/tags/1.6.4/rate-star-review.php#L730"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/rate-star-review/trunk/rate-star-review.php#L758"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/rate-star-review/tags/1.6.4/rate-star-review.php#L758"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-11T19:07:44.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Rate Star Review Vote \u003c= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via \u0027rating_id\u0027 Parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4301",
    "datePublished": "2026-05-12T07:48:17.336Z",
    "dateReserved": "2026-03-16T20:01:00.547Z",
    "dateUpdated": "2026-05-12T12:56:54.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4299 (GCVE-0-2026-4299)

Vulnerability from cvelistv5 – Published: 2026-04-08 03:36 – Updated: 2026-04-13 15:15
VLAI
Title
MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API
Summary
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeat_received() function in the Live_Update class. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain MainWP Child Reports activity log entries (including action summaries, user information, IP addresses, and contextual data) via the WordPress Heartbeat API by sending a crafted heartbeat request with the 'wp-mainwp-stream-heartbeat' data key.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
mainwp MainWP Child Reports Affected: 0 , ≤ 2.2.6 (semver)
Create a notification for this product.
Credits
Hunter Jensen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4299",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T15:06:40.658600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T15:15:10.520Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MainWP Child Reports",
          "vendor": "mainwp",
          "versions": [
            {
              "lessThanOrEqual": "2.2.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hunter Jensen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeat_received() function in the Live_Update class. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain MainWP Child Reports activity log entries (including action summaries, user information, IP addresses, and contextual data) via the WordPress Heartbeat API by sending a crafted heartbeat request with the \u0027wp-mainwp-stream-heartbeat\u0027 data key."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:02:53.164Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7d4141bd-cd3f-44e9-b423-be03377a342d?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/trunk/classes/class-live-update.php#L182"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/tags/2.2.6/classes/class-live-update.php#L182"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/trunk/classes/class-live-update.php#L44"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/mainwp-child-reports/tags/2.2.6/classes/class-live-update.php#L44"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3490157%40mainwp-child-reports\u0026new=3490157%40mainwp-child-reports\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-16T20:41:23.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-04-07T15:21:54.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "MainWP Child Reports \u003c= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4299",
    "datePublished": "2026-04-08T03:36:09.655Z",
    "dateReserved": "2026-03-16T19:23:21.908Z",
    "dateUpdated": "2026-04-13T15:15:10.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4298 (GCVE-0-2026-4298)

Vulnerability from cvelistv5 – Published: 2026-07-09 09:31 – Updated: 2026-07-09 14:39
VLAI
Title
DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
Summary
The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
mlfactory DSGVO All in one for WP Affected: 0 , ≤ 4.9 (semver)
Create a notification for this product.
Credits
nudien udin nudien
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4298",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-09T14:39:32.001412Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-09T14:39:42.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DSGVO All in one for WP",
          "vendor": "mlfactory",
          "versions": [
            {
              "lessThanOrEqual": "4.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "nudien udin"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "nudien"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T09:31:21.285Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8a5268-03a2-48c6-9c59-840a11e7a34f?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/trunk/dsgvo_all_in_one_wp.php#L1123"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/tags/4.9/dsgvo_all_in_one_wp.php#L1123"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/trunk/dsgvo_all_in_one_wp.php#L56"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/dsgvo-all-in-one-for-wp/tags/4.9/dsgvo_all_in_one_wp.php#L56"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3503821%40dsgvo-all-in-one-for-wp\u0026new=3503821%40dsgvo-all-in-one-for-wp"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-08T20:46:28.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "DSGVO All in one for WP \u003c= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4298",
    "datePublished": "2026-07-09T09:31:21.285Z",
    "dateReserved": "2026-03-16T19:14:02.711Z",
    "dateUpdated": "2026-07-09T14:39:42.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4297 (GCVE-0-2026-4297)

Vulnerability from cvelistv5 – Published: 2026-06-24 05:33 – Updated: 2026-06-24 14:50
VLAI
Title
Welcome Software Publishing <= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via 'nc.setOption' XML-RPC Method
Summary
The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the user via $wp_xmlrpc_server->login() (verifying credentials are valid) but does not perform any authorization check such as current_user_can('manage_options'). This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary WordPress options via XML-RPC requests. This can be leveraged to change the default_role option to 'administrator' and then register a new administrator account, achieving full privilege escalation and site takeover.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
newscred Welcome Software Publishing Affected: 0 , ≤ 0.0.31 (semver)
Create a notification for this product.
Credits
Nabil Irawan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4297",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-24T14:49:59.958116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-24T14:50:13.376Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Welcome Software Publishing",
          "vendor": "newscred",
          "versions": [
            {
              "lessThanOrEqual": "0.0.31",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nabil Irawan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to a missing capability check in the nc_setOption() function, which is exposed via the nc.setOption XML-RPC method. The function authenticates the user via $wp_xmlrpc_server-\u003elogin() (verifying credentials are valid) but does not perform any authorization check such as current_user_can(\u0027manage_options\u0027). This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary WordPress options via XML-RPC requests. This can be leveraged to change the default_role option to \u0027administrator\u0027 and then register a new administrator account, achieving full privilege escalation and site takeover."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-24T05:33:24.530Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47e53fd3-4e3f-433a-8e70-3a58c864184a?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L272"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L272"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L264"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L264"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L265"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L265"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/trunk/newscred.php#L44"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/newscred-publishing/tags/0.0.31/newscred.php#L44"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-23T16:42:18.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Welcome Software Publishing \u003c= 0.0.31 - Authenticated (Subscriber+) Arbitrary Options Update to Privilege Escalation via \u0027nc.setOption\u0027 XML-RPC Method"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-4297",
    "datePublished": "2026-06-24T05:33:24.530Z",
    "dateReserved": "2026-03-16T18:58:52.144Z",
    "dateUpdated": "2026-06-24T14:50:13.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design
  • Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
  • Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Architecture and Design

Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].

Mitigation MIT-4.4
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Architecture and Design
  • For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
  • One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
System Configuration Installation

Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.