457665 matches found
CVE-2026-54806 WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Activity Log = 5.6.3.1 versions...
CVE-2026-54806
Affected software: WordPress WP Activity Log plugin (vulnerable <= 5.6.3.1). Issue: unauthenticated PHP Object Injection. Root cause and technical specifics are not detailed in the provided documents beyond the vulnerability type. Impact metrics indicate a high-severity CVSS v3.1 score of 9.8 ...
CVE-2026-54186 WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...
CVE-2026-54187 WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...
CVE-2026-54187
CVE-2026-54187 affects the WordPress JetEngine plugin, vulnerable in versions up to 3.8.10.1. The issue is an unauthenticated SQL injection in JetEngine = 3.8.10.2 or later and implement mitigations per vendor guidance. The documents do not indicate in-the-wild exploitation or CVSS vectors beyond...
CVE-2026-54186
CVE-2026-54186 concerns the WordPress JobSearch plugin, affected version range
CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability
Subscriber SQL Injection in Cornerstone 7.8.8 versions...
CVE-2026-54185
CVE-2026-54185 – WordPress Cornerstone plugin (
CVE-2026-52706
CVE-2026-52706 : Unauthenticated PHP Object Injection in WordPress JetEngine plugin (versions ≤ 3.8.10). Affected component: JetEngine; vulnerability type: PHP Object Injection. Impact: high confidentiality, integrity, and availability (CVSS 3.1 base score 9.8; network attack vector; no user inte...
CVE-2026-52706 WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...
CVE-2026-49107 WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Thrive Apprentice 10.8.10.2 versions...
CVE-2026-49107
CVE-2026-49107 concerns unauthenticated PHP Object Injection in the WordPress Thrive Apprentice plugin for versions below 10.8.10.2. The vulnerability is described as an unauthenticated PHP Object Injection, affecting Thrive Apprentice, with a CVSS v3.1 base score of 9.8 (CRITICAL) and an attack ...
CVE-2026-49084
JetEngine (WordPress plugin) versions earlier than 3.8.9.1 are affected by unauthenticated SQL Injection. The vulnerability is described as a high-severity (CVSS 3.1: 9.3) issue with network access and no required privileges, impacting confidentiality. A fix is available in 3.8.9.1 and later; upg...
CVE-2026-49084 WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...
CVE-2026-49076
CVE-2026-49076 describes an unauthenticated SQL Injection in WordPress JetEngine plugin versions <= 3.8.9.1. The vulnerability affects JetEngine’s handling of input in a way that allows arbitrary SQL execution without authentication, with the CVSS 3.1 base score listed as 9.3 (CRITICAL) and ne...
CVE-2026-49076 WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...
CVE-2026-49079
The CVE concerns the WordPress JetSearch plugin, affected versions are <= 3.5.17. It describes an unauthenticated SQL injection vulnerability in JetSearch that can be exploited over the network without authentication, potentially compromising confidentiality (high) and affecting data queries. ...
CVE-2026-49075
The CVE covers a PHP Object Injection flaw in the WordPress JetEngine plugin, affecting versions
CVE-2026-49075 WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability
Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...
CVE-2026-48967
CVE-2026-48967 concerns a SQL Injection vulnerability in the WordPress Geo Mashup plugin (versions