CVE-2026-12165

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVE-2025-69131

Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CVE-2025-69129

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CVE-2024-34810

Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...

CVE-2025-15657 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in School Management = 93.1.0 versions...

CVE-2026-46855

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...

CVE-2026-46853

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2026-35314

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Acces...

ROOT-APP-NPM-CVE-2026-44728 CVE-2026-44728 in @rootio/babel__plugin-transform-modules-systemjs - Patched by Root

Root has patched CVE-2026-44728 in the @rootio/babelplugin-transform-modules-systemjs package for Root:npm. Multiple fixed versions available...

CVE-2026-54811 WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP eMember v10.9.4 versions...

CVE-2026-54811

CVE-2026-54811 : Affected software is the WordPress WP eMember plugin versions older than 10.9.4. The issue is an unauthenticated SQL Injection in the plugin, allowing an attacker with network access (no user credentials, no UI interaction) to potentially read or exfiltrate data. The CVSS metrics...

CVE-2026-54807

CVE-2026-54807 affects the WordPress Registration Form for WooCommerce plugin (≤ 1.0.9). The entry documents an unauthenticated privilege escalation vulnerability, with a CVSS 3.1 base score of 9.8 (NETWORK, HIGH impact on confidentiality, integrity, and availability). No exploitation details are...

CVE-2026-54807 WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

CVE-2026-54805

The CVE covers the WordPress plugin Falang multilanguage (vulnerable:

CVE-2026-54805 WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Falang multilanguage = 1.4.2 versions...

CVE-2026-54804

WordPress Melhor Envio plugin ≤ 2.16.3 has a Broken Authentication vulnerability (CVE-2026-54804). CVSS v3.1: Network, Privileges Required Low, User Interaction None, Confidentiality/Integrity Low, Availability High; base score 7.6 (High). Affected: Melhor Envio WordPress plugin versions up to an...

CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

CVE-2026-54802

CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions

CVE-2026-54196

Technical details are not publicly provided in the supplied documents. Monitor for updates on affected versions, impact, and fixes.