1776 matches found
CVE-2026-13347
The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...
EUVD-2026-41656
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF
Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...
CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
Contributor SQL Injection in WP EasyCart = 5.9.0 versions...
CVE-2026-57762
Author Cross Site Scripting XSS in Simple URLs = 151 versions...
CVE-2026-57687
CVE-2026-57687 concerns a SQL Injection vulnerability in the WordPress plugin Custom Field Template (versions
CVE-2025-69153
Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...
WordPress WP EasyCart plugin <= 5.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions = 5.9.1...
PT-2026-54965
Unauthenticated Cross Site Scripting XSS in Artale | Wedding Photography WordPress = 2.2.2 versions...
PT-2026-55034
Name of the Vulnerable Software and Affected Versions Booked versions prior to 3.0.1 Description Broken access control allows users with subscriber privileges to perform unauthorized actions. Recommendations Update to a version newer than 3.0.0...
CVE-2026-12133
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...
PT-2026-53811
Name of the Vulnerable Software and Affected Versions Editorial Rating – Product Review & Rating System versions prior to 4.0.6 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site...
CVE-2026-57328
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
WordPress Tourmaster plugin <= 5.4.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Tourmaster versions = 5.4.5...
WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Ads by WPQuads versions = 3.0.3...
CVE-2026-11987
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...
CVE-2026-57631
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-52701
Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...
EUVD-2026-39763
Contributor Broken Access Control in Nelio Content = 4.3.4 versions...
EUVD-2026-39757
Contributor SQL Injection in Gallery = 4.7.8 versions...