15919 matches found
CVE-2026-10083
The CVE concerns the APCu Manager WordPress plugin prior to version 4.5.0. The root cause is that APCu object-cache keys are not escaped before rendering in an admin page, enabling a Stored XSS when a persistent object cache is used. Cache keys derived from unsanitised user input (e.g., a transie...
CVE-2026-11597
The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied 'account' and 'id' shortcode...
CVE-2026-13295
The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...
EUVD-2026-39945
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-57649 WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...
CVE-2026-57633
CVE-2026-57633 describes an unauthenticated sensitive data exposure affecting the WordPress plugin WCBoost – Products Compare for versions up to 1.1.0 . The connected sources confirm the affected component and the exposure but do not provide attacker vectors, specific data exposed, root cause det...
CVE-2026-57321 WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability
Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...
CVE-2026-57316 WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...
CVE-2026-57316
CVE-2026-57316 concerns the WordPress GetGenie plugin (versions up to 4.4.2). The issue is described as Subscriber Sensitive Data Exposure, indicating that subscriber data may be exposed due to a vulnerability in the affected plugin. The CVSS 3.1 data in the initial document assigns a base score ...
CVE-2026-56026 WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability
Subscriber Server Side Request Forgery SSRF in utm.codes = 1.9.0 versions...
CVE-2026-54847 WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Gmail SMTP versions = 1.2.3.19...
WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by endy in WordPress Plugin Panorama Viewer – 360 Degree Image + Video Viewer versions = 1.6.1...
WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Abandoned Cart Lite for WooCommerce versions = 6.8.0...
WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Kirki versions = 6.0.11...
CVE-2026-57700
Summary of CVE-2026-57700 (WordPress OMGF Pro plugin
CVE-2026-54842 WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...
CVE-2026-56071
CVE-2026-56071 affects WordPress Forminator plugin versions
CVE-2026-56051 WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...
CVE-2026-56049
CVE-2026-56049 affects WordPress Post Snippets plugin and is a Remote Code Execution vulnerability in versions