CVE-2026-40773 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

CVE-2026-40771 WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

CVE-2026-40772 WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

CVE-2026-40771

CVE-2026-40771 affects the WordPress Contest Gallery plugin and is an unauthenticated SQL Injection vulnerability in versions

CVE-2026-40770 WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Coupon Affiliates = 7.5.3 versions...

CVE-2026-40770

CVE-2026-40770 concerns the WordPress plugin Coupon Affiliates (versions

CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

CVE-2026-40769

The CVE-2026-40769 entry concerns the WordPress plugin “Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field” (versions

CVE-2026-40743 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...

CVE-2026-40762

The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL

CVE-2026-40762 WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

CVE-2026-40741

CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...

CVE-2026-40727 WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

CVE-2026-40732 WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

CVE-2026-40727 WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...

CVE-2026-40732

CVE-2026-40732 affects the WordPress plugin Notification for Telegram (versions ≤ 3.5). The issue is an unauthenticated Cross Site Scripting (XSS) vulnerability, with the root cause not explicitly described in the provided documents. The Patchstack entry assigns a CVSS v3.1 base score of 7.1 (HIG...

CVE-2026-40727

The CVE covers WordPress Groundhogg plugin versions ≤ 4.4, vulnerable to Arbitrary File Deletion in the Sales Representative component. The root cause details are not fully provided, but the CVSSv3.1 score is 7.7 (HIGH) with Network attack vector, low attack complexity, privilege requirement, and...

CVE-2026-39594

CVE-2026-39594 affects the WordPress plugin Ultra Addons for WPForms (versions