591 matches found
EUVD-2026-43156
The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attacker...
EUVD-2026-42011
The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...
CVE-2026-57758 WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
CVE-2026-13733
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-40923
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-57660 WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...
EUVD-2026-39626
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...
WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...
CVE-2026-52692 WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...
CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...
CVE-2026-10737
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...
WordPress plugin ad manager wd 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress plugin SP Project & Document Manager 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-42773
CVE-2026-42773 concerns the WordPress plugin eMagicOne Store Manager (versions up to 1.3.2). The connected documents identify a vulnerability of type SQL Injection (specifically a blind SQL injection) in this plugin. Affected component is the Store Manager code path handling SQL commands, with th...
CVE-2026-45216 WordPress Smart Manager plugin <= 8.85.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0...
WordPress plugin Smart Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Frontend File Manager Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...
WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...
CVE-2026-4057
The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...
CVE-2026-4057
The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...