CVE-2026-40743 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...

CVE-2026-39518

The CVE pertains to WordPress EventPrime plugin versions

CVE-2026-39511

CVE-2026-39511 affects the WordPress plugin WP Photo Album Plus

CVE-2026-39481 WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability

Author PHP Object Injection in Modula Image Gallery = 2.14.18 versions...

CVE-2026-34892

The CVE-2026-34892 entry describes a Broken Access Control vulnerability in the WordPress Rank Math SEO plugin (versions

CVE-2026-27053 WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

CVE-2025-68840 WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in iRobots.txt SEO = 1.1.2 versions...

CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid

BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...

CVE-2016-20067 WordPress CP Polls 1.0.8 Cross-Site Request Forgery

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

PT-2026-49371

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

PT-2026-49384

Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...

RHEL 8 : mysql:8.0 (RHSA-2026:25919)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25919 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

WordPress Ajax Load More plugin < 7.8.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ajax Load More versions 7.8.4...

WordPress Feeds for YouTube plugin < 2.6.4 - Subscriber+ License Data Deletion vulnerability

Subscriber+ License Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Feeds for YouTube versions 2.6.4...

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

WordPress plugin Product Filter by WBW SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by xwii in WordPress Plugin ABC Crypto Checkout versions = 1.8.2...

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...