266218 matches found
CVE-2026-57787 WordPress CWS SVGicons plugin <= 1.5.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through = 1.5.5...
CVE-2026-61975 WordPress JetReviews plugin <= 3.0.1 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetReviews jet-reviews allows Retrieve Embedded Sensitive Data.This issue affects JetReviews: from n/a through = 3.0.1...
CVE-2026-61971 WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...
CVE-2026-59521 WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...
CVE-2026-61970 WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 5.0.4 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...
CVE-2026-61956 WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...
CVE-2026-61983 WordPress Church Admin plugin <= 5.0.30 - Broken Access Control vulnerability
Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...
CVE-2026-57805 WordPress Tonda theme <= 2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Tonda tonda allows PHP Local File Inclusion.This issue affects Tonda: from n/a through = 2.5...
CVE-2026-59516 WordPress ICS Calendar plugin <= 12.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...
CVE-2026-59523 WordPress Simply Schedule Appointments plugin <= 1.6.11.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.11.11...
CVE-2026-61955 WordPress گرویتی فرم فارسی plugin <= 3.0.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hannan گرویتی فرم فارسی persian-gravity-forms allows Blind SQL Injection.This issue affects گرویتی فرم فارسی: from n/a through = 3.0.2...
CVE-2026-61968 WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...
CVE-2026-61976 WordPress JetBlocks For Elementor plugin <= 1.5.0 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through = 1.5.0...
CVE-2026-61985 WordPress Car Rental Manager plugin <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...
CVE-2026-57813
CVE-2026-57813 affects the WordPress MailOptin plugin, specifically versions up to 1.2.77.3. The vulnerability is an Incorrect Privilege Assignment that allows Privilege Escalation. Documented risk is high (CVSS v3.1: 9.8, Network, Privileges Required: None, User Interaction: None, Scope: Unchang...
CVE-2026-57409
The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...
CVE-2026-57392
The CVE-2026-57392 entry concerns the WordPress Tourfic plugin (versions up to 2.22.5) with a Missing Authorization / Broken Access Control vulnerability. The root cause is misconfigured access control, enabling unauthorized access to protected resources or actions. Impact is described as broken ...
CVE-2026-57711
CVE-2026-57711 concerns the WordPress plugin SupportCandy
CVE-2026-57732
CVE-2026-57732 : A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the WordPress plugin tagDiv Opt-In Builder (td-subscription), affecting versions
CVE-2026-57694
CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...