WordPress plugin Woocommerce Envato Affiliates 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-42774

CVE-2026-42774 affects WordPress JetEngine plugin

CVE-2026-42774 WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.1...

CVE-2026-42776

The CVE concerns WordPress Sunshine Photo Cart plugin

CVE-2026-48837

CVE-2026-48837: SQL Injection in WordPress plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates)

WordPress WP Search Analytics plugin < 1.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WP Search Analytics versions 1.5.0...

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

CVE-2026-24554 WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1...

WordPress WPSubscription plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by theviper17 in WordPress Plugin WPSubscription versions = 1.9.1...

WordPress Oliver POS plugin < 4.5.4 - Other Vulnerability Type vulnerability

Other Vulnerability Type vulnerability discovered by Hunter Jensen skid in WordPress Plugin Oliver POS versions 4.5.4...

WordPress Wishlist Member plugin <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Generate API Secret Key vulnerability

Missing Authorization to Authenticated Subscriber+ Generate API Secret Key vulnerability discovered by h0xilo in WordPress Plugin WishList Member X versions = 3.30.1...

WordPress plugin SePay Gateway 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2026-6897 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Update via 'wishlistmember_team_accounts_save_settings' AJAX action

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing request body size limits on plugin HTTP endpoints. An attacker can exhaust system resources by sending crafted oversized HTTP requests. Remediation Upgrade...

CVE-2026-8679

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

CVE-2026-4834

The CVE-2026-4834 entry concerns the WP ERP Pro plugin for WordPress, affected up to version 1.5.1. The vulnerability is a SQL Injection via the 'search_key' parameter due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL...

WordPress Alfie – Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion vulnerability

Cross-Site Request Forgery to Feed Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...

CVE-2026-39531

The CVE-2026-39531 affects the WordPress plugin WP Directory Kit (

EUVD-2026-31208

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

WordPress plugin Broadstreet 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...