1736 matches found
CVE-2026-57656 WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions...
CVE-2026-57653
Contributor SQL Injection in WP Job Portal = 2.5.2 versions...
CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions...
CVE-2026-57313
Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...
CVE-2026-56067
Unauthenticated SQL Injection in JetSmartFilters = 3.8.3 versions...
CVE-2026-56039
Unauthenticated Cross Site Scripting XSS in Quick Interest Slider = 3.1.6 versions...
CVE-2026-24547
Unauthenticated Broken Access Control in SiteGround Email Marketing = 1.7.5 versions...
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
WordPress Themify Builder < 7.5.8 - Open Redirect
The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...
Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure
Export WP Page to Static HTML & PDF WordPress plugin <= 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...
CVE-2026-57298
CVE-2026-57298: A CSRF in the Jenkins Contrast Continuous Application Security Plugin (version 3.11 and earlier) allows an attacker to cause Jenkins to access an attacker-specified URL using attacker-specified username, API key, and service key. Affected: Jenkins Contrast Continuous Application S...
WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions <= 7.3.1.2...
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions <= 3.4.29...
WordPress Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability discovered by Meher Sudhakar Abbireddi in WordPress Plugin Orbit Fox by ThemeIsle versions <= 3.0.6...
CVE-2026-54196
Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.
CVE-2026-52692
Affected software: WordPress Affiliates Manager plugin (WordPress)
CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions...
CVE-2026-49070
CVE-2026-49070 affects the WordPress Knit Pay plugin (versions
CVE-2026-49068 WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia <= 2.3 versions...