CVE-2026-49079

The CVE concerns the WordPress JetSearch plugin, affected versions are <= 3.5.17. It describes an unauthenticated SQL injection vulnerability in JetSearch that can be exploited over the network without authentication, potentially compromising confidentiality (high) and affecting data queries. ...

CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...

CVE-2026-49075

The CVE covers a PHP Object Injection flaw in the WordPress JetEngine plugin, affecting versions

CVE-2026-49075 WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability

Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...

CVE-2026-49074

CVE-2026-49074 affects the WordPress JetEngine plugin (versions &lt;= 3.8.9.1). The description specifies an Unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine

CVE-2026-49074 WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.9.1 versions...

CVE-2026-49071

The entry affects the WordPress WooCommerce Dropshipping plugin (versions

CVE-2026-49071 WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

CVE-2026-49058

CVE-2026-49058 affects WordPress LoginPress Pro plugin versions

CVE-2026-48967

CVE-2026-48967 concerns a SQL Injection vulnerability in the WordPress Geo Mashup plugin (versions

CVE-2026-45436

CVE-2026-45436 affects WordPress WPBakery Page Builder plugin for WordPress, specifically versions

CVE-2026-40783 WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...

CVE-2026-40768

The CVE covers WordPress Salon booking system plugin versions

CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...

CVE-2026-40765

The CVE-2026-40765 entry details an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress collectchat plugin versions

CVE-2026-40765 WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in collectchat = 2.4.9 versions...

CVE-2026-40726

CVE-2026-40726 affects the WordPress plugin User Registration Stripe (versions

CVE-2026-40724

CVE-2026-40724 concerns the WordPress Client Portal (Pro) plugin, affected versions &lt;= 5.6.2. The vulnerability is described as an Arbitrary File Download in CP Client Arbitrary File Download for Client Portal (Pro)

CVE-2026-40724 WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

CVE-2026-39597

This CVE covers an unauthenticated, reflected Cross Site Scripting (XSS) in the WordPress WPZOOM Addons for Elementor plugin (versions