8473 matches found
Cost Calculator Builder <= 3.2.15 - SQL Injection
The Cost Calculator Builder plugin for WordPress is vulnerable to SQL Injection via discount codes in versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
TileServer API - Cross Site Scripting
tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting XSS vulnerability via the component /data/v3/?key. id: CVE-2024-35627 info: name: TileServer API - Cross Site Scripting author: DhiyaneshDK severity: medium description: | tileserver-gl up to v4.4.10 was discovered to...
EUVD-2026-41656
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
CVE-2026-14459
Vulnerability: TUBITAK BILGEM pardus-software suffers an argument injection due to improper neutralization of command delimiters. Affects pardus-software
CVE-2026-11778
The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...
CVE-2026-8892
The CM Business Directory – Optimise and showcase local business plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Business Address Meta Fields in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-41486
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'aboutme' parameter in all versions up to, and including, 2.11.4 due to insufficient input sanitization and...
CVE-2026-57763
Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...
CVE-2026-57751
Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...
CVE-2026-57684
Contributor Cross Site Scripting XSS in TheFox = 3.9.70 versions...
CVE-2026-57685
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
CVE-2026-57687
Contributor SQL Injection in Custom Field Template = 2.7.8 versions...
CVE-2026-57623
Unauthenticated Arbitrary Code Execution in W3 Total Cache = 2.9.4 versions...
CVE-2026-57621
Unauthenticated PHP Object Injection in Booktics = 1.0.21 versions...
CVE-2026-57670
Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...
CVE-2026-57356
Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...
CVE-2025-69132
Subscriber Sensitive Data Exposure in Corpkit = 1.0.5 versions...
CVE-2025-58902
Unauthenticated Local File Inclusion in Lighthouse = 1.2.12 versions...
CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
Contributor SQL Injection in WP EasyCart = 5.9.0 versions...
CVE-2026-57762 WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting XSS in Simple URLs = 151 versions...