CVE-2026-49776

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...

CVE-2026-48964

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

CVE-2026-48882

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

CVE-2026-45439

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

CVE-2026-45437

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

CVE-2026-42664

Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...

CVE-2026-42655

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

CVE-2026-42378

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-40798

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-40741

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

CVE-2026-39587

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

CVE-2026-39527

Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...

CVE-2026-39511

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

CVE-2026-39465

Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...

CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

CVE-2026-27089

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

CVE-2026-52703 WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Unauthenticated Path Traversal in FastDup = 2.7.2 versions...

CVE-2026-52703 WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Unauthenticated Path Traversal in FastDup = 2.7.2 versions...

CVE-2026-52703

The CVE-2026-52703 entry concerns WordPress plugin FastDup (versions ≤ 2.7.2) with an unauthenticated path traversal vulnerability. The issue arises in the FastDup code path that allows traversal of the file system without authentication, enabling access to restricted files. Connected sources con...

CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...