4.8
CVE-2026-22231 - OPEXUS eCASE Audit Document Check Out stored XSS
OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0.
7.2
CVE-2026-22230 - OPEXUS eCASE Audit incorrect access control
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0.
4.8
CVE-2026-22587 - Ideagen DevonWay Reports page stored XSS
Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS.
5.3
CVE-2026-22486 - WordPress Re Gallery plugin <= 1.18.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Hakob Re Gallery regallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery: from n/a through <= 1.18.9.
4.3
CVE-2026-22487 - WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in baqend Speed Kit baqend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through <= 2.0.2.
5.3
CVE-2026-22488 - WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder dashboard-welcome-for-beaver-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through <= 1.0.8.
4.3
CVE-2026-22489 - WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerabiβ¦
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow image-slider-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through <= 1.8.
5.4
CVE-2026-22490 - WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vβ¦
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9.
4.3
CVE-2026-22492 - WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.
5.4
CVE-2026-22517 - WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerabilβ¦
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.