222949 matches found
CVE-2026-42747 WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...
CVE-2026-42754
The CVE-2026-42754 entry describes a Reflected XSS vulnerability in the WordPress plugin favicon-by-realfavicongenerator (Favicon), affecting versions up to and including 1.3.46. The underlying issue is improper neutralization of input during web page generation. Impact is Cross-Site Scripting, w...
CVE-2026-42753 WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...
CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
CVE-2026-42756 WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin <= 3.2.7 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly: from n...
CVE-2026-42740
The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range
CVE-2026-42749
CVE-2026-42749 concerns a vulnerability in the WordPress plugin “Disable Comments for Any Post Types (Remove comments)” by Themeisle. Connected documents specify a Broken Authentication issue that enables an authentication bypass via an alternate path/channel, with potential for “Password Recover...
CVE-2026-42756
CVE-2026-42756 affects the WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin up to version 3.2.7. It is an improper pathname limitation (path traversal) vulnerability in QuickWebP that can lead to arbitrary file deletion. Exploitation details are not provided i...
CVE-2026-42746 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42744
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...
EUVD-2026-32200
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...
CVE-2026-42757 WordPress WebinarIgnition plugin < 4.08.253 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2026-42750 WordPress WPComplete plugin <= 2.9.5.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through = 2.9.5.4...
CVE-2026-42759
CVE-2026-42759 describes a stored XSS in the WordPress plugin “Timo Affiliate Super Assistent amazonsimpleadmin,” caused by improper neutralization of input during web page generation. Affected: Affiliate Super Assistent versions from n/a through
CVE-2026-42750
CVE-2026-42750 concerns the WordPress plugin WPComplete by Nexcess. The vulnerability is a stored XSS caused by improper neutralization of input during web page generation, affecting WPComplete versions up to and including 2.9.5.4. Public references consistently describe the issue as a Stored XSS...
CVE-2026-42758
CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...
CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
CVE-2026-42746
CVE-2026-42746 concerns the WordPress Clover plugin “clover-online-orders” (Smart Online Order for Clover) with versions up to 1.6.0. The vulnerability is described as an Insertion of Sensitive Information Into Sent Data, allowing retrieval of embedded sensitive data. The provided documents indic...
CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...