457634 matches found
CVE-2026-52706 WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...
CVE-2026-49107 WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Thrive Apprentice 10.8.10.2 versions...
CVE-2026-49107
CVE-2026-49107 concerns unauthenticated PHP Object Injection in the WordPress Thrive Apprentice plugin for versions below 10.8.10.2. The vulnerability is described as an unauthenticated PHP Object Injection, affecting Thrive Apprentice, with a CVSS v3.1 base score of 9.8 (CRITICAL) and an attack ...
CVE-2026-49084
JetEngine (WordPress plugin) versions earlier than 3.8.9.1 are affected by unauthenticated SQL Injection. The vulnerability is described as a high-severity (CVSS 3.1: 9.3) issue with network access and no required privileges, impacting confidentiality. A fix is available in 3.8.9.1 and later; upg...
CVE-2026-49084 WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...
CVE-2026-49076
CVE-2026-49076 describes an unauthenticated SQL Injection in WordPress JetEngine plugin versions <= 3.8.9.1. The vulnerability affects JetEngine’s handling of input in a way that allows arbitrary SQL execution without authentication, with the CVSS 3.1 base score listed as 9.3 (CRITICAL) and ne...
CVE-2026-49076 WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...
CVE-2026-49079
The CVE concerns the WordPress JetSearch plugin, affected versions are <= 3.5.17. It describes an unauthenticated SQL injection vulnerability in JetSearch that can be exploited over the network without authentication, potentially compromising confidentiality (high) and affecting data queries. ...
CVE-2026-49075
The CVE covers a PHP Object Injection flaw in the WordPress JetEngine plugin, affecting versions
CVE-2026-49075 WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability
Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...
CVE-2026-48967
CVE-2026-48967 concerns a SQL Injection vulnerability in the WordPress Geo Mashup plugin (versions
CVE-2026-48967 WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability
Subscriber SQL Injection in Geo Mashup = 1.13.19 versions...
CVE-2026-48875
The CVE concerns the WordPress JetSmartFilters plugin, version scope
CVE-2026-48875 WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSmartFilters = 3.8.1 versions...
CVE-2026-42380
CVE-2026-42380 covers the WordPress AI Lab theme prior to version 5.4.2, which is vulnerable to unauthenticated PHP Object Injection. The Patchstack entry and CVE records indicate the vulnerability is fixed in 5.4.2. Impact is high (remote, unauthenticated) per the CVSS vector: Network, None priv...
CVE-2026-42380 WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in AI Lab 5.4.2 versions...
CVE-2026-40753 WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...
CVE-2026-40753
CVE-2026-40753 affects the WordPress EasyMeals theme (versions ≤ 1.5.1). The vulnerability is an unauthenticated PHP Object Injection in EasyMeals, caused by unsafe object handling in the affected component. The published metrics indicate a high impact (CVSS v3.1: 8.1, HIGH) with network attack v...
CVE-2026-40735 WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Reina = 2.1 versions...
CVE-2026-40735
Summary: CVE-2026-40735 concerns unauthenticated PHP Object Injection in WordPress Reina theme versions <= 2.1. The vulnerability is tied to the Reina plugin/theme codebase and is described as an unauthenticated PHP Object Injection, with CVSSv3.1 impact vector indicating high severity (8.1 ba...