A Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tourfic: from n/a through <= 2.22.5. The vulnerability has a CVSS score of 6.5 and is classified as MEDIUM severity. Users of Themefic Tourfic tourfic plugin up to version 2.22.5 should be aware of this vulnerability and take necessary precautions.
CVE-2026-57388 is a Stored Cross-Site Scripting (XSS) vulnerability in the Hydra Booking plugin for WordPress. The vulnerability affects versions from n/a through 1.1.44. This issue allows an attacker to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. The vulnerability has a CVSS score of 7.1 and is considered HIGH severity. Administrators and users of t [truncated]
A Subscriber Broken Access Control vulnerability was found in Ultra Addons for WPForms versions <= 1.0.11. This vulnerability has a CVSS score of 6.4 and a severity of MEDIUM. The vulnerability was published on [2026-06-15T21:16:48.167Z](https://www.cve.org/CVERecord?id=CVE-2026-39594) and last modified on [2026-06-15T21:24:32.790Z](https://www.cve.org/CVERecord?id=CVE-2026-39594).
A missing authorization vulnerability in the Themefic Hydra Booking WordPress plugin allows exploitation of incorrectly configured access control security levels. The vulnerability affects versions from n/a through 1.1.41 and has been assigned a CVSS 3.1 score of 7.3 (HIGH). The issue is categorized as CWE-862 (Missing Authorization), indicating that functionality or data accessible to users is not proper [truncated]