243 matches found
CVE-2026-57687 WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability
Contributor SQL Injection in Custom Field Template = 2.7.8 versions...
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...
EUVD-2026-41265
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-12134 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-12133
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...
CVE-2026-57642
Contributor SQL Injection in Gallery = 4.7.8 versions...
EUVD-2026-39757
Contributor SQL Injection in Gallery = 4.7.8 versions...
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by dodoh4t in WordPress Plugin Gallery versions = 4.7.8...
CVE-2026-9709
The CVE-2026-9709 entry describes a vulnerability in the Premium Cornerstone page builder bundled with the X Theme (WordPress plugin) prior to version 7.8.9. The root cause is missing capability checks on one REST API route, allowing any authenticated user to disclose metadata of other users, inc...
EUVD-2026-37630
Subscriber SQL Injection in Cornerstone 7.8.8 versions...
CVE-2026-54185
Subscriber SQL Injection in Cornerstone 7.8.8 versions...
CVE-2026-54185 WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability
Subscriber SQL Injection in Cornerstone 7.8.8 versions...
CVE-2026-49113
The CVE-2026-49113 entry concerns the WordPress Cornerstone plugin, affected versions earlier than 7.8.8. It describes a Subscriber-level Arbitrary Code Execution vulnerability, with CVSSv3.1 metrics indicating a NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, ...
CVE-2026-48874
Subscriber SQL Injection in GamiPress = 7.8.7 versions...
CVE-2026-49068
The CVE concerns the WordPress Coupon Affiliates plugin (versions
EUVD-2026-36867
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
PT-2026-49421
Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...
CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...
WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP Migrate Lite versions = 2.7.8...
WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Stefano in WordPress Plugin Coupon Affiliates versions = 7.8.1...