5.3
CVE-2026-24613 - WordPress Ecwid Shopping Cart plugin <= 7.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.6.
5.3
CVE-2026-24612 - WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
7.5
CVE-2026-24609 - WordPress Laurent theme <= 3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
7.5
CVE-2026-24608 - WordPress Laurent Core plugin <= 2.4.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion.This issue affects Laurent Core: from n/a through <= 2.4.1.
5.3
CVE-2026-24607 - WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.
5.3
CVE-2026-24606 - WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13.
4.3
CVE-2026-24605 - WordPress X Addons for Elementor plugin <= 1.0.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.
5.3
CVE-2026-24604 - WordPress Simple GDPR Cookie Compliance plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.
5.3
CVE-2026-24603 - WordPress Universal Google Adsense and Ads manager plugin <= 1.1.8 - Broken Access Control vulnerabβ¦
Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.
5.3
CVE-2026-24602 - WordPress Raptive Ads plugin <= 3.10.0 - Broken Access Control vulnerability
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This is a false positive. According to the vendor, the function identified as a vulnerability is intentional and part of the expected design.