223972 matches found

NVD
added 2 days ago, 3 views

CVE-2026-7850

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

CVSS: 5.9, EPSS: 0.00184
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2026-49084

Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...

CVSS: 9.3, EPSS: 0.00291
Exploits: 0, References: 1

NVD
added 2 days ago, 3 views

CVE-2026-25470

Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT Pro - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT Pro - Custom Post Types Plugin for WordPress: from n/a through 2.0.47...

CVSS: 10, EPSS: 0.00414
Exploits: 0, References: 1

NVD
added 2 days ago, 3 views

CVE-2026-22335

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

CVSS: 8.5, EPSS: 0.00347
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2026-12165

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVSS: 8.8, EPSS: 0.00564
Exploits: 0, References: 6

NVD
added 2 days ago, 4 views

CVE-2026-12115

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level...

CVSS: 6.6, EPSS: 0.0074
Exploits: 0, References: 6

NVD
added 2 days ago, 3 views

CVE-2026-12256

Contributor PHP Object Injection in Avada = 3.15.3 versions...

CVSS: 8.8, EPSS: 0.00482
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2025-69129

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CVSS: 10, EPSS: 0.00358
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2025-69131

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CVSS: 7.5, EPSS: 0.00481
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2024-34810

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

CVSS: 4.3, EPSS: 0.00117
Exploits: 0, References: 1

Cvelist
added 2 days ago, 24 views

CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions...

CVSS: 7.1, EPSS: 0.0018
Exploits: 0, References: 1

Cvelist
added 2 days ago, 15 views

CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions...

CVSS: 5.3, EPSS: 0.00228
Exploits: 0, References: 1

NVD
added 2 days ago, 3 views

CVE-2026-46855

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...

CVSS: 9.9, EPSS: 0.00441
Exploits: 0, References: 1

NVD
added 2 days ago, 3 views

CVE-2026-46853

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS: 9.6, EPSS: 0.00483
Exploits: 0, References: 1

NVD
added 2 days ago, 4 views

CVE-2026-35314

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Acces...

CVSS: 7.3, EPSS: 0.00307
Exploits: 0, References: 1

OSV
added 2 days ago, 3 views

ROOT-APP-NPM-CVE-2026-44728 CVE-2026-44728 in @rootio/babel__plugin-transform-modules-systemjs - Patched by Root

Root has patched CVE-2026-44728 in the @rootio/babel__plugin-transform-modules-systemjs package for Root:npm. Multiple fixed versions available...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00125
Exploits: 0

CVE
added 2 days ago, 9 views

CVE-2026-54811

CVE-2026-54811 : Affected software is the WordPress WP eMember plugin versions older than 10.9.4. The issue is an unauthenticated SQL Injection in the plugin, allowing an attacker with network access (no user credentials, no UI interaction) to potentially read or exfiltrate data. The CVSS metrics...

CVSS: 9.3, AI score: 5.7, EPSS: 0.00291
Exploits: 0, References: 1

Cvelist
added 2 days ago, 28 views

CVE-2026-54811 WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP eMember < v10.9.4 versions...

CVSS: 9.3, EPSS: 0.00291
Exploits: 0, References: 1

CVE
added 2 days ago, 10 views

CVE-2026-54807

CVE-2026-54807 affects the WordPress Registration Form for WooCommerce plugin (≤ 1.0.9). The entry documents an unauthenticated privilege escalation vulnerability, with a CVSS 3.1 base score of 9.8 (NETWORK, HIGH impact on confidentiality, integrity, and availability). No exploitation details are...

CVSS: 9.8, AI score: 5.2, EPSS: 0.0045
Exploits: 0, References: 1

Cvelist
added 2 days ago, 27 views

CVE-2026-54807 WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions...

CVSS: 9.8, EPSS: 0.0045
Exploits: 0, References: 1