Lucene search

33455 matches found

RedhatCVE
added 2026/04/15 6:59 p.m. | 1 view

CVE-2026-40919

A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potential...

CVSS 6.1 | AI score 6.1 | EPSS 0.00331
Exploits: 0 | References: 3

CVE
added 2026/04/15 4:21 p.m. | 4 views

CVE-2025-63029

Summary: CVE-2025-63029 is an SQL Injection vulnerability in the WordPress WCFM Marketplace plugin (also described as WC Lovers WCFM Marketplace) affecting versions up to 3.7.1. The root cause is improper neutralization of special elements in SQL commands. The NVD/CVE records confirm the issue an...

CVSS 7.6 | AI score 5.8 | EPSS 0.00271
Exploits: 0 | References: 1

CVE
added 2026/04/15 10:21 a.m. | 4 views

CVE-2026-40740

CVE-2026-40740 concerns a Missing Authorization vulnerability in Themeum Tutor LMS WordPress plugin

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 1

CVE
added 2026/04/15 10:21 a.m. | 4 views

CVE-2026-40729

CVE-2026-40729 affects the WordPress plugin “bPlugins 3D viewer – Embed 3D Models” 1.8.5) as recommended by PT-2026-33040. No exploitation details are present in the connected documents beyond the general vulnerability description. Monitor for updates and vendor advisories for any confirmed expl...

CVSS 4.3 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 1

NVD
added 2026/04/15 9:16 a.m. | 1 view

CVE-2026-4005

The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitize_text_field() on the 'userhash'...

CVSS 6.4 | EPSS 0.00291
Exploits: 0 | References: 5

Patchstack
added 2026/04/15 4:6 a.m. | 2 views

WordPress WM JqMath plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin WM JqMath versions <= 1.3...

CVSS 6.4 | AI score 5.8 | EPSS 0.00265
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/04/15 12:0 a.m. | 4 views

WordPress plugin Userpro security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.7 | EPSS 0.00098
Exploits: 0 | References: 1

Patchstack
added 2026/04/14 11:36 a.m. | 3 views

WordPress Portfolio and Projects plugin <= 1.5.6 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Portfolio and Projects versions <= 1.5.6...

AI score 5.8
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/04/11 1:24 a.m. | 2 views

EUVD-2026-21617

The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.9 | EPSS 0.00188
Exploits: 0 | References: 4

EUVD
added 2026/04/10 3:32 p.m. | 2 views

EUVD-2026-20900

Helm has a path traversal in plugin metadata version that enables arbitrary file write outside the Helm plugin directory...

CVSS 8.4 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 4

CNNVD
added 2026/04/10 12:0 a.m. | 5 views

WordPress plugin Customer Reviews for WooCommerce authorization issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3 | AI score 5.8 | EPSS 0.00673
Exploits: 0 | References: 7

Cvelist
added 2026/04/09 3:6 p.m. | 16 views

CVE-2026-35205 Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins that are missing a provenance (.prov) file even when signature verification is required. This vulnerability is fixed in 4.1.4...

CVSS 8.4 | EPSS 0.00185
Exploits: 0 | References: 4

CVE
added 2026/04/09 12:28 p.m. | 4 views

CVE-2026-3005

The affected software is the WordPress plugin List category posts. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. It affects all versions up through 0.94.0. Expl...

CVSS 6.4 | AI score 6.1 | EPSS 0.00271
Exploits: 0 | References: 3

CNNVD
added 2026/04/09 12:0 a.m. | 3 views

WordPress plugin Download Manager cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4 | AI score 5.7 | EPSS 0.00302
Exploits: 0 | References: 6

Patchstack
added 2026/04/08 1:6 p.m. | 6 views

WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Martín Martín in WordPress Plugin WP Directory Kit versions <= 1.5.0...

AI score 5.8
Exploits: 0 | Affected Software: 1

Cvelist
added 2026/04/08 8:30 a.m. | 19 views

CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...

CVSS 5.3 | EPSS 0.00218
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/08 8:30 a.m. | 1 view

CVE-2026-39688 WordPress WP Frontend Profile plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Frontend Profile: from n/a through <= 1.3.9...

CVSS 5.3 | AI score 5.9 | EPSS 0.00218
Exploits: 0 | References: 1

Cvelist
added 2026/04/08 8:30 a.m. | 19 views

CVE-2026-39687 WordPress Rapid Car Check Vehicle Data plugin <= 2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rapid Car Check Vehicle Data: from n/a through <= 2.0...

CVSS 5.3 | EPSS 0.00214
Exploits: 0 | References: 1

Cvelist
added 2026/04/08 8:30 a.m. | 19 views

CVE-2026-39644 WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wp Ultimate Review: from n/a through <= 2.3.8...

CVSS 5.3 | EPSS 0.0019
Exploits: 0 | References: 1

CVE
added 2026/04/08 8:30 a.m. | 7 views

CVE-2026-39586

CVE-2026-39586 corresponds to a vulnerability in the WordPress RepairBuddy plugin, version

CVSS 5.3 | AI score 5.9 | EPSS 0.0024
Exploits: 0 | References: 1