873 matches found
CVE-2026-11778
The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions...
CVE-2026-57682
The CVE-2026-57682 entry affects the WordPress plugin “Simple Link Directory” version ≤ 15.0.5, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The connected records confirm the vulnerability type (XSS) and affected version, but do not provide concrete root-cause details, exploi...
CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Audrey <= 1.5 versions...
CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter
The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_thumbnail parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-57332
The CVE affects the WordPress Wallet System for WooCommerce plugin, specifically versions
PT-2026-53292
Name of the Vulnerable Software and Affected Versions Paid Videochat Turnkey Site versions 7.4.8 and earlier Description An issue exists that allows a performer to perform arbitrary file deletion within the system. Recommendations At the moment, there is no information about a newer version that...
EUVD-2026-39778
Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...
CVE-2026-57635
Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...
EUVD-2026-39764
Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...
CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions...
EUVD-2026-39694
Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...
CVE-2026-52701
CVE-2026-52701 is an unauthenticated broken access control vulnerability affecting WordPress User Registration plugin versions
EUVD-2026-39384
Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...
WordPress WP Forms Connector plugin <= 1.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by jamaal in WordPress Plugin WP Forms Connector versions <= 1.8...
CVE-2025-60230
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9...
CVE-2026-22329
Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...
CVE-2025-69125
Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...
CVE-2026-40738 WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions...
CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions...