CVE-2026-57633

Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...

EUVD-2026-39749

Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...

CVE-2026-52696

Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...

CVE-2026-34888

Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...

CVE-2026-52694

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

CVE-2026-49056

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels = 4.9.4 versions...

CVE-2026-42667

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

CVE-2026-40789

Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...

CVE-2026-52695 WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...

EUVD-2026-36901

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

CVE-2026-34891

CVE-2026-34891 concerns the WordPress IDPay Payment Gateway for WooCommerce plugin (

PT-2026-49480

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

PT-2026-49363

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...

WordPress MW WP Form plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Kirasec in WordPress Plugin MW WP Form versions = 5.1.2...

WordPress LatePoint plugin <= 5.3.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Financial Data Exposure via Sequential Invoice ID vulnerability discovered by darkmode in WordPress Plugin LatePoint versions = 5.3.2...

WordPress Export All URLs plugin < 5.1 - Unauthenticated Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure vulnerability discovered by Mohammad Aghdasi in WordPress Plugin Export All URLs versions 5.1...

WordPress WPBookit plugin <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Data Exposure vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin WPBookit versions = 1.0.8...

CVE-2025-15482

CVE-2025-15482 affects the WordPress plugin Chapa Payment Gateway for WooCommerce . Multiple sources confirm a vulnerability in all versions up to and including 1.0.3 where the 'chapa_proceed' WooCommerce API endpoint exposes sensitive information, enabling unauthenticated attackers to retrieve d...

WordPress Tickera plugin <= 3.5.4.8 - Unauthenticated Customer Data Exposure vulnerability

Unauthenticated Customer Data Exposure vulnerability discovered by WordFence in WordPress Plugin Tickera versions = 3.5.4.8...