CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

CVE-2026-42650

The CVE-2026-42650 entry concerns the WordPress AutomatorWP plugin (versions

CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVE-2026-42386 WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...

CVE-2026-42386 WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...

CVE-2026-42411 WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

CVE-2026-42411 WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

CVE-2026-42411

CVE-2026-42411 affects the WordPress CloudSecure WP Security plugin (versions

EUVD-2026-36814

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

CVE-2026-42384

CVE-2026-42384 concerns the WordPress plugin “Simply Schedule Appointments” (versions prior to 1.6.11.2). The entry documents an unauthenticated, sensitive data exposure vulnerability affecting this plugin. The vulnerability is described as exposing sensitive data without authentication, with a C...

CVE-2026-42381

CVE-2026-42381 affects WordPress Funnel Builder by FunnelKit plugin versions

CVE-2026-42378

CVE-2026-42378 concerns the WordPress plugin WP Full Stripe Free (versions

CVE-2026-42381 WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...

EUVD-2026-36810

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-41556 WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in ProfilePress = 4.16.13 versions...

CVE-2026-40799 WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...

CVE-2026-40798 WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-40799 WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...