CVE-2026-56013 is a medium-severity vulnerability in License Manager for WooCommerce versions up to 3.0.15. The vulnerability allows unauthenticated attackers to access sensitive information due to an insecure direct object reference (IDOR) issue. This vulnerability was made public on June 25, 2026, and last modified on June 29, 2026. The CVSS score for this vulnerability is 6.5. The vendor for this produ [truncated]
A Subscriber Broken Access Control vulnerability was found in myCred plugin versions <= 3.0.3. This CVE has a CVSS score of 6.5 and a CVSS severity of MEDIUM. The vulnerability was published on [2026-06-15T21:16:51.783Z](https://www.cve.org/CVERecord?id=CVE-2026-40794) and last modified on [2026-06-15T21:24:32.790Z](https://www.cve.org/CVERecord?id=CVE-2026-40794). The vulnerability is categorized under C [truncated]
CVE-2025-69332 is a MEDIUM severity vulnerability (CVSS Score: 6.5) affecting the Bookify plugin versions <= 1.1.1. The vulnerability is categorized as a Subscriber Broken Access Control issue. This vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
A stored cross-site scripting (XSS) vulnerability exists in the myCred WordPress plugin, affecting versions up to and including 3.0.4. The weakness stems from improper neutralization of input during web page generation (CWE-79), allowing an attacker with low privileges to inject and persist malicious scripts that execute in the context of other users' browsers. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C [truncated]