CVE-2026-40788 WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...

CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...

CVE-2026-40787

The vulnerability concerns the WordPress Quiz And Survey Master plugin (versions ≤ 11.0.0). It is an unauthenticated Cross Site Scripting (XSS) flaw identified in these releases. The connected sources confirm the affected product and the XSS impact but do not specify the exact root cause, vulnera...

CVE-2026-40782 WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

CVE-2026-40785 WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

CVE-2026-40781 WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

CVE-2026-40781 WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

CVE-2026-40781

CVE-2026-40781 affects the WordPress ReviewX plugin ≤ 2.3.6. Root cause: unauthenticated broken authentication vulnerability leading to high-severity impact (CVSSv3.1 base score 7.5; Network attack vector, no user interaction, no privileges required; integrity impact HIGH). Affected software is t...

CVE-2026-40779 WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

CVE-2026-40779

CVE-2026-40779 affects the WordPress WordPress Link Library plugin, version

CVE-2026-40776

CVE-2026-40776 affects the WP Event Solution (Eventin) plugin up to version 4.1.8, where unauthenticated requests can trigger Broken Access Control. The root cause involves three permission checks that accept a wp_rest nonce as authentication, plus an IDOR-prone Order endpoint and an open seat-bo...

CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

CVE-2026-40775 WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...

CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

CVE-2026-40775

WordPress plugin Royal MCP (for the WordPress ecosystem) is affected up to version 1.4.2. The CVE describes an Unauthenticated Broken Access Control vulnerability, i.e., an attacker without credentials can access restricted functionality. The CVSS metrics (CVSS:3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:...

CVE-2026-40774

CVE-2026-40774 concerns the WordPress Booking Package plugin (versions

CVE-2026-40773 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

CVE-2026-40771 WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

CVE-2026-40772 WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...