78 matches found
CVE-2026-57354
The CVE-2026-57354 entry describes a Subscriber Cross Site Scripting (XSS) vulnerability in the WordPress JetReviews plugin limited to versions
CVE-2026-57342
The CVE-2026-57342 entry concerns the WordPress ShortPixel Adaptive Images plugin, affected versions are
CVE-2026-57342 WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in ShortPixel Adaptive Images = 3.11.3 versions...
CVE-2025-69133
CVE-2025-69133 affects the WordPress Tourmaster plugin versions
CVE-2025-69094 WordPress Unicamp theme <= 2.2.2 - SQL Injection vulnerability
Subscriber SQL Injection in Unicamp = 2.2.2 versions...
WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification vulnerability
Authenticated Subscriber+ Missing Authorization to Arbitrary Group Creation/Modification vulnerability discovered by ? in WordPress Plugin JoomSport versions = 5.7.8...
CVE-2026-57329
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in MasterStudy LMS = 3.7.27 versions...
PT-2026-53290
Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions prior to 1.9.35 Description Cross Site Scripting XSS allows an attacker with subscriber privileges to execute malicious scripts in the browser of other users. Recommendations Update WooCommerce Designer Pro to...
CVE-2026-56058
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
CVE-2026-56046
Subscriber Cross Site Scripting XSS in ListingPro = 2.9.11 versions...
CVE-2026-54826
Subscriber Insecure Direct Object References IDOR in SupportCandy = 3.4.6 versions...
CVE-2026-57661 WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...
EUVD-2026-39743
Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...
EUVD-2026-39713
Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...
CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
CVE-2026-56032
The CVE-2026-56032 entry concerns a PHP Object Injection vulnerability in the WordPress BuddyBoss Platform plugin, affecting versions up to 3.0.4. The root cause is described as Subscriber PHP Object Injection within BuddyBoss Platform <= 3.0.4. Documented in Patchstack and CVE records, the vu...
CVE-2026-56053
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...
EUVD-2026-39382
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...