CVE-2026-42667 WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

CVE-2026-42667 WordPress Bookly plugin <= 27.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

CVE-2026-42665 WordPress WP Data Access plugin <= 5.5.70 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

CVE-2026-42666

The WordPress Salon Booking System plugin versions

CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...

CVE-2026-42664 WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...

CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

CVE-2026-42660 WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

CVE-2026-42660

CVE-2026-42660 affects the WordPress Contest Gallery plugin up to version 28.1.7 . The issue is described as a Sensitive Data Exposure impacting subscribers. Documents provide the vulnerability label and affected version but do not include root cause specifics, exploit details, or concrete remedi...

CVE-2026-42659

The CVE concerns WordPress plugin “Advanced Form Integration” (versions

CVE-2026-42658

The CVE-2026-42658 entry concerns the WordPress Classified Listing plugin, affected versions

CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...

CVE-2026-42657

CVE-2026-42657 affects the WordPress plugin Contest Gallery (versions ≤ 28.1.7). The entry describes an Unauthenticated Other Vulnerability Type vulnerability in these versions. The available data assign a CVSS v3.1 base score of 5.3 (Medium) with attack vector Network , no required privileges, a...

CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

EUVD-2026-36820

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

CVE-2026-42655

CVE-2026-42655 affects the WordPress plugin “Best Payments Plugin for WP” (versions ≤ 4.6.19). The vulnerability is an unauthenticated payment bypass (unvalidated access) in the plugin, enabling bypass without credentials. CVSS‑3.1 base score 5.9 (MEDIUM) with attack vector Network, attack comple...