CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

CVE-2026-34902 WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...

CVE-2026-39434

CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions

CVE-2026-34902

CVE-2026-34902 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “WooCommerce Product Table Lite” up to version 4.6.3. The issue affects the plugin’s handling of input in the product table rendering, enabling XSS payloads to be executed in contexts wher...

CVE-2026-34901 WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...

CVE-2026-34901

CVE-2026-34901 affects WordPress iControlWP plugin,

CVE-2026-34898 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...

CVE-2026-34900 WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...

CVE-2026-34892 WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

Subscriber Broken Access Control in Rank Math SEO = 1.0.271 versions...

CVE-2026-34892

The CVE-2026-34892 entry describes a Broken Access Control vulnerability in the WordPress Rank Math SEO plugin (versions

CVE-2026-34886

The CVE-2026-34886 entry affects WordPress WordPress Simple Membership plugin versions

CVE-2026-34891 WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

CVE-2026-27407 WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

CVE-2026-27089

WPTravelly plugin for WordPress, versions

CVE-2026-27333

The CVE concerns the WordPress plugin “Paid Videochat Turnkey Site” (versions

CVE-2026-27089 WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...

CVE-2026-27053 WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...

CVE-2026-25440 WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Essential Addons for Elementor 6.6.0 versions...

CVE-2026-25425 WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration = 5.1.2 versions...