41 matches found
CVE-2026-15306
The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-15097
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin WPJAM Basic versions = 7.0...
CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
EUVD-2026-39694
Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...
CVE-2026-40741
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
CVE-2026-27333
Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...
CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
WordPress Slider Revolution plugin <= 7.0.9 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Nos1x0 in WordPress Plugin Slider Revolution versions = 7.0.9...
CVE-2026-5050
The CVE-2026-5050 entry details a vulnerability in the Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress. Affected versions are up to and including 7.0.0. The root cause is improper verification of cryptographic signatures: successful_request() handlers compute a local signature ...
CVE-2026-2269
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...
CVE-2026-23542
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0.10...
WordPress Hustle plugin <= 7.8.9.2 - Authenticated (Subscriber+) Arbitrary File Upload via Module Import vulnerability
Authenticated Subscriber+ Arbitrary File Upload via Module Import vulnerability discovered by Williwollo CybrX in WordPress Plugin Hustle versions = 7.8.9.2...
CVE-2026-1189
The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formid' parameter of the 'leadbiform' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2025-64206
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...
EUVD-2025-204249
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...
phpPgAdmin <= 7.13.0 Multiple Vulnerabilities
phpPgAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phppgadmin:phppgadmin"; if...
CVE-2021-4461
CVE-2021-4461 affects Seeyon Zhiyuan OA Web Application System
EUVD-2025-35990
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 7.3.0...
WordPress plugin Coupon Affiliates 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...