266243 matches found
CVE-2026-59518
CVE-2026-59518 affects the WordPress Directorist plugin (Directorist) versions up to 8.8.2. It is a PHP object-injection vulnerability caused by deserialization of untrusted data, with CVSS v3.1 base score 9.8 (Network, Low attack complexity, No privileges, No user interaction; Confidentiality/In...
CVE-2026-59521
The CVE-2026-59521 issue affects the WordPress Real Testimonials plugin (testimonial-free) by Deserialization of Untrusted Data, enabling PHP object injection in versions
CVE-2026-59515
CVE-2026-59515 affects the WordPress AIWU plugin (ai-copilot-content-generator) and is due to an improper neutralization of special elements in SQL commands , enabling Blind SQL Injection . Affected versions are WordPress AIWU plugin ≤ 1.5.4. The CVSS‑3.1 base score is 9.3 (CRITICAL) with network...
CVE-2026-57783
Technical details are not publicly available in the provided documents. Monitor for updates from the vendor or NVD; current references only state a Stored XSS in Speaker
CVE-2026-61985
CVE-2026-61985 affects the WordPress Car Rental Manager plugin (
CVE-2026-61968
CVE-2026-61968 affects the WordPress myCred plugin up to version 3.1.2. The root cause is a Missing Authorization/Broken Access Control due to incorrectly configured access control security levels, allowing unintended access. The CVE indicates a MEDIUM-severity issue (CVSS 3.1: 5.4) with network ...
CVE-2026-59523
CVE-2026-59523 affects the WordPress plugin Simply Schedule Appointments (
CVE-2026-57773 WordPress Advanced Shipment Tracking for WooCommerce plugin <= 4.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...
CVE-2026-57792 WordPress Dør theme <= 2.4.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through = 2.4.1...
CVE-2026-57779 WordPress Fascinate theme <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through = 1.1.5...
CVE-2026-57813 WordPress MailOptin plugin <= 1.2.77.3 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through = 1.2.77.3...
CVE-2026-59518 WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...
CVE-2026-57781 WordPress MeetingHub plugin <= 1.25.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through = 1.25.10...
CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...
CVE-2026-61985 WordPress Car Rental Manager plugin <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through = 1.3.7...
CVE-2026-57745 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57797 WordPress EduMall theme <= 4.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through = 4.5.1...
CVE-2026-57768 WordPress Houzez Login Register plugin <= 3.3.3 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...
CVE-2026-57793 WordPress Flow theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...
CVE-2026-57787 WordPress CWS SVGicons plugin <= 1.5.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CreativeWS CWS SVGicons cws-svgicons allows Blind SQL Injection.This issue affects CWS SVGicons: from n/a through = 1.5.5...