225299 matches found
WordPress Infility Global plugin < 2.15.21 - SQL Injection vulnerability
SQL Injection vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Infility Global versions 2.15.21...
WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion vulnerability
Unauthenticated Limited Arbitrary File Read and Deletion vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...
CVE-2026-5118
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...
CVE-2026-5118 Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...
CVE-2026-5118 Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...
Exploit for CVE-2026-5118
🔥 CVE-2026-5118 Divi Form Builder --- 🎯 Ring...
WordPress Zoho ZeptoMail plugin <= 3.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Zoho ZeptoMail versions = 3.2.9...
CVE-2026-27393
The CVE-2026-27393 entry concerns the WordPress plugin CF7 WOW Styler (versions n/a–1.7.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in which access permissions are incorrectly configured, allowing unauthorized access to functionality. The available ...
EUVD-2026-31248
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...
CVE-2026-27393 WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tobias CF7 WOW Styler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 WOW Styler: from n/a through 1.7.6...
CVE-2026-27349 WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...
WordPress Mail Mint plugin <= 1.19.5 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Que Thanh Tuan in WordPress Plugin Mail Mint versions = 1.19.5...
WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.70 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Wannes Verwimp in WordPress Plugin Piotnet Addons For Elementor Pro versions = 7.1.70...
WordPress ProSolution WP Client plugin <= 2.0.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by snr in WordPress Plugin ProSolution WP Client versions = 2.0.0...
WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.4 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Ankit Patel in WordPress Plugin Easy Elements for Elementor Addons & Website Templates versions = 1.4.4...
WordPress GSheet For Woo Importer plugin <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Settings Reset vulnerability discovered by Legion Hunter in WordPress Plugin GSheet For Woo Importer versions = 2.3.1...
CVE-2026-6279
The Avada Builder fusion-builder plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the wpconditionaltags case in FusionBuilderConditionalRenderHelper::getvalue passing attacker-controlled...
CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-1543 Avada (Fusion) Builder <= 3.15.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Shortcodes
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-1543
The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 3.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level...