CVE-2026-40768

The CVE covers WordPress Salon booking system plugin versions

CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

CVE-2026-40765

The CVE-2026-40765 entry details an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress collectchat plugin versions

CVE-2026-40765 WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in collectchat = 2.4.9 versions...

CVE-2026-40726

CVE-2026-40726 affects the WordPress plugin User Registration Stripe (versions

CVE-2026-40724

CVE-2026-40724 concerns the WordPress Client Portal (Pro) plugin, affected versions &lt;= 5.6.2. The vulnerability is described as an Arbitrary File Download in CP Client Arbitrary File Download for Client Portal (Pro)

CVE-2026-40724 WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

CVE-2026-39597

This CVE covers an unauthenticated, reflected Cross Site Scripting (XSS) in the WordPress WPZOOM Addons for Elementor plugin (versions

CVE-2026-39597 WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...

CVE-2026-39595

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-39595 for W3 Total Cache plugin

CVE-2026-39546

This CVE concerns the WordPress plugin MultiLoca (WooCommerce Multi-Locations Inventory Management) up to version 4.2.15, with a Subscriber Privilege Escalation vulnerability. The vulnerability is described as enabling a subscriber to escalate privileges, indicating a potential elevation from a l...

CVE-2026-39546 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...

CVE-2026-39537 WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...

CVE-2026-34888

CVE-2026-34888 concerns the WordPress Bricksforge plugin (versions ≤ 3.1.8.4) with an unauthenticated sensitive data exposure vulnerability. The connected Patchstack entry specifies that it is a vulnerability in Bricksforge where sensitive data could be exposed without authentication, resulting i...

CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

CVE-2026-27410 WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

CVE-2026-27400 WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

CVE-2026-27041

CVE-2026-27041 : Affected software is WordPress Unlimited Elements for Elementor – Premium, versions

CVE-2026-27041 WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

CVE-2026-25439

CVE-2026-25439 affects the WordPress Booknetic plugin up to version 4.8.5, with unauthenticated broken authentication leading to account takeover. The CVSSv3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 8.1 (HIGH). Documented impact includes high confidentiality, integrit...