8481 matches found
CVE-2026-11988
CVE-2026-11988 affects LearnPress
CVE-2026-12090
The Taskbuilder WordPress plugin (Taskbuilder – Project Management & Task Management Tool With Kanban Board) is affected by a generic SQL Injection via the wppm_proj_filter parameter in all versions up to 5.0.8. The root cause is insufficient escaping of the user-supplied parameter and an inadequ...
CVE-2026-12923
The Youtube Showcase plugin for WordPress (up to version 4.0.3) is vulnerable to an Arbitrary Function Call via the 'path' parameter in the emd_delete_file() AJAX handler (includes/common-functions.php). A user-supplied value is sanitized, has its trailing '_PLUGIN_DIR' stripped, and is then invo...
CVE-2026-12240
The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...
CVE-2026-12240
The CVE-2026-12240 entry concerns the WordPress Export User Data plugin (up to version 2.2.6). Affected component: the unserialize path validation in the plugin allows an authenticated subscriber+ to trigger arbitrary file deletions on the server by exporting user data, with a crafted serialized ...
Security update for glycin-loaders (moderate)
openSUSE security update: security update for glycin-loaders. Announcement ID: openSUSE-SU-2026:21134-1. Rating: moderate. References: bsc1248035 bsc1249010. Cross-References: CVE-2025-55159 CVE-2025-58160. CVSS scores: CVE-2025-55159 SUSE ...
CVE-2026-57329
Subscriber Cross Site Scripting XSS in WooCommerce Designer Pro = 1.9.34 versions...
CVE-2026-57332
Subscriber Broken Access Control in Wallet System for WooCommerce = 2.7.6 versions...
CVE-2026-57328
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
CVE-2026-57330
Subscriber Cross Site Scripting XSS in MasterStudy LMS <= 3.7.27 versions...
CVE-2026-57327
Subscriber Broken Access Control in MainWP <= 6.1.1 versions...
CVE-2026-57335
CVE-2026-57335 concerns the WordPress plugin WPQuads Ads (WPQuads)
EUVD-2026-40106
Subscriber Broken Access Control in Ads by WPQuads = 3.0.3 versions...
CVE-2026-57332
The CVE affects the WordPress Wallet System for WooCommerce plugin, specifically versions
EUVD-2026-40101
Subscriber Cross Site Scripting XSS in MasterStudy LMS <= 3.7.27 versions...
CVE-2026-57330 WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in MasterStudy LMS <= 3.7.27 versions...
EUVD-2026-40099
Subscriber Cross Site Scripting XSS in Business Directory = 6.4.22 versions...
EUVD-2026-40098
Subscriber Broken Access Control in MainWP <= 6.1.1 versions...
CVE-2026-57327
The connected documents identify CVE-2026-57327 as a vulnerability in the WordPress MainWP plugin up to version 6.1.1, describing a Subscriber/Broken Access Control issue. The underlying root cause is described as broken access control, but the documents do not provide concrete technical details s...
CVE-2026-57327 WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MainWP <= 6.1.1 versions...