Lucene search
223995 matches found

CVE
added 2 days ago, 12 views

CVE-2026-25439

CVE-2026-25439 affects the WordPress Booknetic plugin up to version 4.8.5, with unauthenticated broken authentication leading to account takeover. The CVSSv3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 8.1 (HIGH). Documented impact includes high confidentiality, integrit...

CVSS 8.1, AI score 5.2, EPSS 0.00322
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2026-25439 WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability

Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions...

CVSS 8.1, EPSS 0.00322
Exploits: 0, References: 1

Cvelist
added 2 days ago, 25 views

CVE-2026-24575 WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions...

CVSS 4.3, EPSS 0.00259
Exploits: 0, References: 1

CVE
added 2 days ago, 6 views

CVE-2026-22334

CVE-2026-22334 concerns the WordPress Woocommerce Book Price plugin (<= 1.3). The vulnerability is an Arbitrary File Download that requires authentication (Subscriber level or higher). The CVE entry notes an authenticated path to download arbitrary files, with a base CVSS v3.1 score of 7.5 (HI...

CVSS 7.5, AI score 5.2, EPSS 0.00467
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability

Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions...

CVSS 7.5, EPSS 0.00467
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions...

CVSS 8.5, EPSS 0.00347
Exploits: 0, References: 1

CVE
added 2 days ago, 6 views

CVE-2026-22335

CVE-2026-22335 affects the WordPress plugin WooCommerce Frontend Manager – Ultimate (wc-frontend-manager-ultimate) in versions below 6.7.7. It is a SQL Injection vulnerability exploitable by an authenticated subscriber, with a CVSS base score of 8.5 per Patchstack (high impact: confidentiality) and 6....

CVSS 8.5, AI score 5.7, EPSS 0.00347
Exploits: 0, References: 1

CVE
added 2 days ago, 7 views

CVE-2026-22332

CVE-2026-22332 covers an unauthenticated SQL injection in WordPress Tutor LMS Pro plugin versions up to 3.9.6. The CVE entry and Patchstack reference document this vulnerability (including a CVSS v3.1 base score of 9.3, CRITICAL) affecting Tutor LMS Pro <= 3.9.6, with exploitation status not pr...

CVSS 9.3, AI score 5.7, EPSS 0.00283
Exploits: 0, References: 1

CVE
added 2 days ago, 7 views

CVE-2026-9690

CVE-2026-9690 concerns the WordPress WP Media folder Addon plugin (versions <= 4.0.1). The vulnerability is an unauthenticated arbitrary file download, enabling an attacker to download arbitrary files from the affected site without authentication. The issue is associated with the WP Media fold...

CVSS 7.5, AI score 5.2, EPSS 0.00467
Exploits: 0, References: 1

Cvelist
added 2 days ago, 25 views

CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions...

CVSS 8.5, EPSS 0.00342
Exploits: 0, References: 1

CVE
added 2 days ago, 9 views

CVE-2025-69135

Technical details (affected plugin version range, root cause, impact, remediation) are not publicly available in the provided connected documents. Monitor for updates; current sources do not specify vulnerable functions or fixes.

CVSS 8.5, AI score 5.7, EPSS 0.00342
Exploits: 0, References: 1

CVE
added 2 days ago, 6 views

CVE-2025-69129

CVE-2025-69129 concerns the WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (versions

CVSS 10, AI score 5.2, EPSS 0.00358
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions...

CVSS 10, EPSS 0.00358
Exploits: 0, References: 1

CVE
added 2 days ago, 5 views

CVE-2025-60218

CVE-2025-60218 concerns the WordPress plugin “PT Luxa Addons” (versions

CVSS 9.9, AI score 5.2, EPSS 0.00447
Exploits: 0, References: 1

CVE
added 2 days ago, 6 views

CVE-2025-49403

CVE-2025-49403 affects Premium Age Verification / Restriction for WordPress (WordPress plugin) versions <= 3.0.2. Unauthenticated Arbitrary File Download is reported; Patchstack notes vulnerability in versions

CVSS 7.5, AI score 5.2, EPSS 0.00294
Exploits: 0, References: 1

Cvelist
added 2 days ago, 27 views

CVE-2025-49403 WordPress Premium Age Verification / Restriction for WordPress Plugin <= 3.0.2 - Arbitrary File Download Vulnerability

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions...

CVSS 7.5, EPSS 0.00294
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions...

CVSS 9.9, EPSS 0.00471
Exploits: 0, References: 1

CVE
added 2 days ago, 8 views

CVE-2026-12165

CVE-2026-12165 affects the WordPress plugin “Contest Gallery” (versions

CVSS 8.8, AI score 5.2, EPSS 0.00564
Exploits: 0, References: 6

Cvelist
added 2 days ago, 28 views

CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVSS 8.8, EPSS 0.00564
Exploits: 0, References: 6

Cvelist
added 2 days ago, 26 views

CVE-2026-12115 Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level...

CVSS 6.6, EPSS 0.0074
Exploits: 0, References: 6