591 matches found
CVE-2026-10735
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...
CVE-2026-10735 ShapedPlugin Multiple Pro Plugins - Backdoor via Compromised Vendor Update Server
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...
EUVD-2026-38693
Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Produ...
EUVD-2026-38104
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the viewpage function in all versions up to, and including, 1.5.1. This makes it possible for unauthenticated attackers to delete...
PT-2026-49831
Name of the Vulnerable Software and Affected Versions Real Testimonials Pro affected versions not specified Product Slider Pro for WooCommerce affected versions not specified Smart Post Show Pro affected versions not specified Description A supply chain compromise occurred where attackers...
CVE-2026-49104
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...
EUVD-2026-36889
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
EUVD-2026-36881
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage , OptinMonster , and TrustPulse , turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker'...
WordPress plugin Hippoo Mobile App for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-48750
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
WordPress Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Unlimited Elementor Inner Sections By BoomDevs versions = 1.3.3...
PT-2026-46348
Subscriber Privilege Escalation in Genemy = 1.6.6 versions...
PT-2026-46377
Unauthenticated Local File Inclusion in Etude = 1.6 versions...
PT-2026-46374
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
PT-2026-46370
Unauthenticated Local File Inclusion in Gunslinger = 1.7 versions...
PT-2026-46329
Unauthenticated Local File Inclusion in Planty = 1.14.0 versions...
PT-2026-46331
Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...
PT-2026-46353
Unauthenticated Local File Inclusion in Preservation = 1.10 versions...
PT-2026-46352
Unauthenticated Local File Inclusion in Mission = 1.22 versions...