WordPress WPvivid — Backup, Migration & Staging plugin <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion vulnerability

Authenticated Admin+ Arbitrary Directory Deletion vulnerability discovered by blue0x1 in WordPress Plugin WPvivid Backup and Migration versions = 0.9.128...

WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability

Path Traversal vulnerability discovered by kai63001 in WordPress Plugin Shared Files versions = 1.7.64...

WordPress Frontend User Notes plugin <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification vulnerability

Cross-Site Request Forgery to Note Content Modification vulnerability discovered by Mohamed Wajih Hichri Assaults - TEK-UP in WordPress Plugin Frontend User Notes versions = 2.1.1...

WordPress Express Payment For Stripe plugin <= 1.28.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Stripe Express versions = 1.28.0...

WordPress Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability discovered by Khanh Nguyen - BlueRock in WordPress Plugin Charitable versions = 1.8.11.1...

Exploit for CVE-2026-8206

CVE-2026-8206 - Kirki Account Takeover Lab Local Docker lab f...

WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JetSearch versions = 3.5.17...

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by 0xd4rk5id3 in WordPress Plugin User Registration Stripe versions = 1.3.12...

WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.4...

WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms versions = 1.1.1...

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

CVE-2026-49777

CVE-2026-49777 (WordPress Product Slider Pro for WooCommerce

CVE-2026-49777 WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

EUVD-2026-34792

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fi...

WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.2.1...

WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.4...

WordPress Hybrid Composer plugin <= 1.4.6 Unauthenticated Settings Change vulnerability

WordPress Hybrid Composer plugin = 1.4.6 Unauthenticated Settings Change vulnerability discovered by ? in WordPress Plugin Hybrid Composer versions = 1.4.6...

OPENSUSE-SU-2026:20905-1 Security update for samba

This update for samba fixes the following issues Security issues: - CVE-2026-1933: Missing access check on reparse point operations bsc1261188. - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3012: group policy certificate enrollment uses http: // without...