134 matches found
CVE-2026-9701
The CVE-2026-9701 entry concerns the WordPress Eventer plugin (up to version 4.4.2) with an insecure password reset mechanism. The root cause is that the plugin stores a plaintext password reset key in the eventer_verification_code (wp_usermeta) when a reset is requested, allowing an attacker to ...
CVE-2026-9842
The CVE-2026-9842 entry concerns the Backstage - Customizer Demo Access plugin for WordPress (up to version 1.4.2). The root cause is that the plugin assigns the manage_options capability to the backstage_customizer_user demo role, which is more permissive than required for a Demo Access/Customiz...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability
User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...
CVE-2026-56030
Unauthenticated Privilege Escalation in Paytium = 5.0.2 versions...
CVE-2026-56028
Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...
EUVD-2026-39696
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-56030
CVE-2026-56030 affects WordPress Paytium plugin (versions
EUVD-2026-39691
Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...
CVE-2026-56028 WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Easy Elements for Elementor Addons & Website Templates = 1.4.9 versions...
WordPress SignUp & SignIn plugin <= 1.0.0 - Unauthenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin SignUp & SignIn versions = 1.0.0...
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
WordPress Branda - White Label & Branding, Free Login Page Customizer plugin = 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by thevietronin - GalaxyOne in WordPress Plugin Branda versions = 3.4.29...
CVE-2026-27395 WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...
PT-2026-50087
Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...
EUVD-2026-36966
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...
EUVD-2026-36968
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
EUVD-2026-36922
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
CVE-2026-49063
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
CVE-2026-34901
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
PT-2026-49403
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
PT-2026-49367
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...