17115 matches found
CVE-2026-57690
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt <= 4.7.2 versions...
CVE-2026-57689
Subscriber Broken Access Control in Werkstatt <= 4.7.2 versions...
CVE-2026-57669
Subscriber Broken Access Control in Advanced Contact form 7 DB <= 2.0.9 versions...
CVE-2026-57343
Unauthenticated Cross Site Scripting XSS in Real Estate 7 <= 3.5.9 versions...
CVE-2026-27404
Unauthenticated Cross Site Scripting XSS in LMS <= 9.7 versions...
CVE-2026-27060
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions...
CVE-2025-69153
Unauthenticated Cross Site Scripting XSS in Trendy Travel <= 6.7 versions...
CVE-2025-69155
Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme <= 5.7 versions...
CVE-2026-57689
The CVE-2026-57689 entry concerns the WordPress Werkstatt theme (versions up to 4.7.2) with a Broken Access Control flaw. Affected component: Werkstatt WordPress theme; root cause: broken access control mechanisms in version <= 4.7.2. Impact: unauthorized access to restricted functionality, as...
CVE-2026-57687 WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability
Contributor SQL Injection in Custom Field Template <= 2.7.8 versions...
CVE-2026-57673
Technical details of CVE-2026-57673 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources; the available entries indicate unauthenticated XSS in Optimole
CVE-2026-57669
The affected software is the WordPress plugin Advanced Contact form 7 DB (versions
CVE-2026-27404 WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in LMS <= 9.7 versions...
CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions...
CVE-2025-69155
CVE-2025-69155 affects the Fitness Zone WordPress Theme up to version 5.7. It is described as an unauthenticated Cross Site Scripting (XSS) vulnerability in the theme, with CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction...
CVE-2025-69154
CVE-2025-69154 affects the SpaLab | Beauty Salon WordPress Theme up to version 6.7. It is an unauthenticated Cross-Site Scripting (XSS) vulnerability in the theme. The CVSS v3.1 base score is 7.1 (HIGH) with network attack, no privileges required, user interaction required, and low impacts to con...
CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Trendy Travel <= 6.7 versions...
Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution
Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin <= 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...
JoomSport <= 5.7.7 - SQL Injection
The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...