1746 matches found
CVE-2026-57298
CVE-2026-57298: A CSRF in the Jenkins Contrast Continuous Application Security Plugin (version 3.11 and earlier) allows an attacker to cause Jenkins to access an attacker-specified URL using attacker-specified username, API key, and service key. Affected: Jenkins Contrast Continuous Application S...
WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions = 7.3.1.2...
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin = 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions = 3.4.29...
WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions = 3.0.6...
CVE-2026-54196
Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.
CVE-2026-52692
Affected software: WordPress Affiliates Manager plugin (WordPress)
CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
CVE-2026-49070
CVE-2026-49070 affects the WordPress Knit Pay plugin (versions
CVE-2026-49068 WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-48880 WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...
CVE-2026-48871
The MW WP Form WordPress plugin, versions ≤ 5.1.3, has an unauthenticated Cross Site Scripting (XSS) vulnerability. The provided documents do not specify the exact vulnerable component, root cause, exploit details, or a remediation version. Exploitation status is not described. Monitor Patchstack...
CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability
Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...
CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...
CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...
CVE-2026-42657
CVE-2026-42657 affects the WordPress plugin Contest Gallery (versions ≤ 28.1.7). The entry describes an Unauthenticated Other Vulnerability Type vulnerability in these versions. The available data assign a CVSS v3.1 base score of 5.3 (Medium) with attack vector Network , no required privileges, a...
CVE-2026-42381 WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...
CVE-2026-40799
CVE-2026-40799 affects the WordPress plugin Simple Cloudflare Turnstile (versions
CVE-2026-40798
WPForo Forum plugin for WordPress <= 3.0.4 is affected by an unauthenticated SQL injection vulnerability. The CVE entry cites unauthenticated SQL Injection in wpForo Forum <= 3.0.4, with CVSSv3.1 base score 9.3 (CRITICAL) and impact TIC: Confidentiality High, Availability Low, no privileges...
CVE-2026-40781
CVE-2026-40781 affects the WordPress ReviewX plugin ≤ 2.3.6. Root cause: unauthenticated broken authentication vulnerability leading to high-severity impact (CVSSv3.1 base score 7.5; Network attack vector, no user interaction, no privileges required; integrity impact HIGH). Affected software is t...