CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

Exploit for CVE-2026-6741

CVE-2026-6741 CVE-2026-6741 is a CVSS 8.8 High Authenticated...

Exploit for CVE-2026-5118

CVE-2026-5118 — Divi Form Builder roles && !isset$rolesobj-...

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability

Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.5...

CVE-2026-7652

The LatePoint WordPress plugin (up to version 5.5.0) is vulnerable to Account Takeover via a Weak Password Recovery Mechanism in the unauthenticated guest booking flow. The root cause is save_connected_wordpress_user() propagating a LatePoint customer’s email to its linked WordPress user via wp_u...

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

WordPress plugin LatePoint 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-42412

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

EUVD-2026-26195

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

PT-2026-35880

Name of the Vulnerable Software and Affected Versions weDevs WP User Frontend versions prior to 4.3.2 Description A missing authorization issue exists due to incorrectly configured access control security levels. Recommendations Update to a version newer than 4.3.1...

CVE-2026-39476

Technical details for CVE-2026-39476 are not publicly provided in the supplied documents; monitor for updates from vendors and advisories.

CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

WordPress User Registration & Membership plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation vulnerability

Missing Authorization to Authenticated Contributor+ Content Access Rule Manipulation vulnerability discovered by darkmode in WordPress Plugin User Registration versions = 5.1.4...

WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin User Feedback versions = 1.10.1...

CVE-2026-1566

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability

Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...

EUVD-2026-5248

Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...

WordPress plugin Simple Membership WP user Import 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...