22761 matches found
CVE-2026-48970
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
CVE-2026-48883
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-48872
Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...
CVE-2026-48871
Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...
CVE-2026-48868
Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...
CVE-2026-45441
Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...
CVE-2026-42658
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...
CVE-2026-42651
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
CVE-2026-40785
Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...
CVE-2026-40732
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-39524
Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...
CVE-2026-39489
Author Arbitrary File Download in Download Monitor = 5.1.9 versions...
CVE-2026-39468
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...
CVE-2026-39472
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...
CVE-2026-34901
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
CVE-2026-34898
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...
CVE-2026-25425
Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...
MINI-WRC4-RPX4-CVC5
Bulletin has no description...
Incorrect Resource Transfer Between Spheres
Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via SimpleAsyncHTTPClient. An attacker can obtain sensitive credentials by exploiting...
CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...