WordPress MDTF plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin MDTF versions = 1.3.5...

WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bonds in WordPress Plugin Avada Core versions 5.15.0...

WordPress WooCommerce plugin < 10.5.3 - Arbitrary Admin User Creation via CSRF vulnerability

Arbitrary Admin User Creation via CSRF vulnerability discovered by oolongeya in WordPress Plugin WooCommerce versions 10.5.3...

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

CVE-2026-1650 MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

WordPress plugin Media Library Alt Text Editor 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-23813

Name of the Vulnerable Software and Affected Versions WordPress JS Archive List plugin versions up to and including 6.1.7 Description The JS Archive List plugin for WordPress is susceptible to PHP Object Injection through the 'included' shortcode attribute. This occurs because of the...

WordPress plugin JS Archive List 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

CVE-2026-28127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through = 1.3.2...

CVE-2026-28059

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through = 1.4.3...

CVE-2026-3459 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

CVE-2026-1720

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the 'installandactiveplugin' function in all versions up to, and including, 1.4.24. This...

CVE-2026-28125

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi: from n/a through = 1.14...

CVE-2026-28108

CVE-2026-28108 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin LambertGroup – AllInOne, specifically the Banner with Thumbnails (all-in-one-thumbnailsBanner). Affected versions are listed as up to 3.8 (from n/a through

CVE-2026-28099 WordPress UberSlider Ultra plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider Ultra uberSliderultra allows Reflected XSS.This issue affects UberSlider Ultra: from n/a through = 2.3...

CVE-2026-28100 WordPress UberSlider PerpetuumMobile plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider PerpetuumMobile uberSliderperpetuummobile allows Reflected XSS.This issue affects UberSlider PerpetuumMobile: from n/a through = 2.3...

CVE-2026-28100

CVE-2026-28100 is a reflected XSS in LambertGroup UberSlider PerpetuumMobile (uberSlider_perpetuummobile) affecting versions up to and including 2.3. The issue is caused by improper neutralization of input during web page generation. CVSS v3.1 base score 7.1 (High) with Network attack vector, no ...

CVE-2026-28071 WordPress pixfort Core plugin <= 3.2.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pixfort Core: from n/a through = 3.2.22...

CVE-2026-28037 WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through = 4.9.12...

CVE-2026-27411 WordPress SiteGuard WP Plugin plugin <= 1.7.9 - Captcha Bypass vulnerability

Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through = 1.7.9...