CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions...
CVE-2026-39545 WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions...
CVE-2026-39545
The CVE-2026-39545 entry affects the WordPress Zermatt theme (versions <= 1.6.1) and describes an unauthenticated PHP Object Injection vulnerability in Zermatt
CVE-2026-22340
CVE-2026-22340: Unauthenticated SQL Injection in WordPress WPJobster theme
CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions...
CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions...
CVE-2026-22335
CVE-2026-22335 affects the WordPress plugin WooCommerce Frontend Manager – Ultimate (wc-frontend-manager-ultimate) in versions below 6.7.7. It is a SQL Injection vulnerability exploitable by an authenticated subscriber, with a CVSS base score of 8.5 per Patchstack (high impact: confidentiality) and 6....
CVE-2026-22332
CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <=3.9.6, with exploitation status not pr...
CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions...
CVE-2025-69135
Technical details (affected plugin version range, root cause, impact, remediation) are not publicly available in the provided connected documents. Monitor for updates; current sources do not specify vulnerable functions or fixes.
CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions...
CVE-2025-60205
The CVE-2025-60205 entry concerns WordPress ThemeREX Addons plugin version
CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions...
CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import
The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-12115
The vulnerability CVE-2026-12115 affects the WordPress plugin Counter Box (versions up to 2.0.13). It allows PHP Object Injection via deserialization of untrusted input and requires authenticated access at Administrator+ level. Deserialization occurs automatically during the post-import redirect ...
CVE-2026-27870 CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT
An attacker with network access to a Regesta Smart HD-PLC from the provider Teldat running the vulnerable software (in this case, registration action IS required) could introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration...
CVE-2026-28576
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-28576
In Android, the Contacts Provider is affected by CVE-2026-28576, caused by a SQL injection in the contacts database access path. This allows local information disclosure without extra execution privileges and without user interaction. The issue is described across CVE entries and ENISA/Android re...
CVE-2026-53876
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...
CVE-2026-53876
The RadiX AX6600 WiFi 6 Tri-Band Gaming Router is affected by an OS command injection vulnerability that may lead to arbitrary command execution with root privileges when an administrator logs in to the web console. The issue is described as an OS command injection; the exact root cause details a...