11394 matches found
CVE-2026-61977
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Crocoblock JetSearch jet-search allows Retrieve Embedded Sensitive Data.This issue affects JetSearch: from n/a through = 3.6.1.2...
CVE-2026-61968
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...
CVE-2026-59518
Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...
CVE-2026-57795
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...
CVE-2026-57798
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through = 4.2.0...
CVE-2026-57791
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...
CVE-2026-57783
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in merkulove Speaker speaker allows Stored XSS.This issue affects Speaker: from n/a through = 4.1.13...
CVE-2026-57779
Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through = 1.1.5...
CVE-2026-57710
Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...
CVE-2026-57707
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows SQL Injection.This issue affects Simple Business Directory Pro: from n/a through = 15.9.4...
CVE-2026-57405
Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...
CVE-2026-57388
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...
CVE-2026-57376
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...
CVE-2026-57378
Missing Authorization vulnerability in Phil Kurth Advanced Forms advanced-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Forms: from n/a through = 1.9.3.7...
CVE-2026-61956
The CVE-2026-61956 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin sync-basalam (ووسلام – همگام سازی ووکامرس و باسلام) up to version 1.9.1. Affected component: the plugin’s CSRF handling exposes an attack surface enabling unauthorized actions initiated by...
CVE-2026-57815
CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...
CVE-2026-57771 WordPress GD Rating System plugin <= 3.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Milan Petrovic GD Rating System gd-rating-system allows Blind SQL Injection.This issue affects GD Rating System: from n/a through = 3.7...
CVE-2026-57787 WordPress CWS SVGicons plugin <= 1.5.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through = 1.5.5...
CVE-2026-61968 WordPress myCred plugin <= 3.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through = 3.1.2...
CVE-2026-57800
Technical details about CVE-2026-57800 are not provided in the connected documents. The entries mention Local File Inclusion in Overworld theme