790 matches found
EUVD-2026-41303
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions...
CVE-2026-57671
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-57359 WordPress ReviewX plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions...
CVE-2026-27426
CVE-2026-27426 affects the WordPress Automotive Car Dealership Business theme
Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...
WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a through 3.2.12. id: CVE-2024-5057 info: name: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injecti...
tagDiv Composer < 4.2 - Stored Cross-Site Scripting
tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...
LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS...
WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability
WordPress Ajax Load More - Filters plugin <= 3.4.1 - Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting vulnerability discovered by jonathan dunn in WordPress Plugin Ajax Load More - Filters versions <= 3.4.1...
EUVD-2026-40107
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions...
CVE-2026-57630
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions...
CVE-2026-56031
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions...
CVE-2026-57641
CVE-2026-57641 pertains to an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in the WordPress Real Estate 7 theme, affecting versions ≤ 3.5.9. Public records confirm the affected software and the vulnerability class, but the provided documents do not specify the exact attack vect...
CVE-2026-57635 WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions...
EUVD-2026-39705
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions...
CVE-2026-56035 WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability
Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions...
CVE-2025-66123 WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions...
CVE-2026-57878
An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...
CVE-2026-56013
The CVE describes an unauthenticated Insecure Direct Object References (IDOR) in the WordPress License Manager for WooCommerce plugin, affected versions up to 3.0.15. The vulnerability stems from insecure direct object references that could allow unauthenticated access to license data. Connected ...
CVE-2026-54845 WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions...