CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...

CVE-2026-49773 WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...

CVE-2026-49773 WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...

CVE-2026-49773

CVE-2026-49773 refers to a Cross Site Scripting (XSS) vulnerability in WordPress FV Flowplayer Video Player plugin versions earlier than 7.5.51.7212. The vulnerability is described as a Subscriber XSS issue; CVSS v3.1 base score is 6.5 (MEDIUM) with network attack vector, required user interactio...

CVE-2026-49770

CVE-2026-49770 affects the WordPress WP Travel Engine plugin (

CVE-2026-49769

CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...

CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

CVE-2026-49764

CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...

CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...

CVE-2026-49763

CVE-2026-49763 concerns the WordPress plugin “WordPress Integration for Contact Form 7 HubSpot” (versions

CVE-2026-49110 WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...

CVE-2026-49112 WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability

Unauthenticated Path Traversal in Shared Files = 1.7.64 versions...

CVE-2026-49109

CVE-2026-49109 concerns the WordPress plugin set “Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions

CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

EUVD-2026-36882

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49105

CVE-2026-49105 concerns the WordPress plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms, with affected versions