EUVD-2026-3877

Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through = 1.3.9...

EUVD-2026-3928

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through = 1.3.4...

EUVD-2026-3927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWave Hide My WP hidemywp allows Reflected XSS.This issue affects Hide My WP: from n/a through = 6.2.12...

EUVD-2026-3902

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.This issue affects Pearson Specter: from n/a through = 1.11.3...

EUVD-2026-3954

Improper Control of Generation of Code 'Code Injection' vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through = 6.1.11...

EUVD-2026-4017

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through = 1.18...

EUVD-2026-3992

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through 7.7.5...

EUVD-2026-4021

Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.3...

EUVD-2026-4019

Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through = 1.1.2...

EUVD-2026-4020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through = 1.2.1.1...

EUVD-2026-4029

Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through = 1.16.44...

EUVD-2026-4078

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through = 1.0.9...

EUVD-2026-4057

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through = 1.0.2...

EUVD-2026-4052

Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content Security Policy: from n/a through = 2.34...

EUVD-2026-4059

Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway bKash for WC: from n/a through = 3.1.0...

EUVD-2026-4094

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through = 1.16...

EUVD-2026-4085

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Accordion Slider PRO accordionsliderpro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through = 1.2...

EUVD-2026-4119

Dell Unisphere for PowerMax, versions 10.2.0.x, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution...

EUVD-2026-4148

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function editpwdmall of the file /fort/login/editpwdmall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attack...

EUVD-2026-4165

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...