EUVD-2026-39727

Unauthenticated Cross Site Scripting XSS in SureCart = 4.3.2 versions...

EUVD-2026-35388

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...

CVE-2026-4058

The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...

CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

CVE-2026-32447

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through = 4.3.2...

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

PT-2026-27779

Name of the Vulnerable Software and Affected Versions N2W versions prior to 4.3.2 N2W version 4.4.0 Description Improper validation of API request parameters can allow for remote code execution. Recommendations Update N2W to a version newer than 4.3.2. Update N2W to a version newer than 4.4.0...

CVE-2026-28126 WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through 4.3.4...

PT-2026-23398

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through = 4.3.2...

WordPress plugin rh-frontend 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-27327

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

CVE-2026-27327

The CVE-2026-27327 entry concerns the WordPress YayMail – WooCommerce Email Customizer plugin (YayMail) version &lt;= 4.3.2, where a Missing Authorization/ Broken Access Control vulnerability exists due to incorrectly configured access control security levels. Affected component is the YayMail pl...

CVE-2026-27327 WordPress YayMail – WooCommerce Email Customizer plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in YayCommerce YayMail yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail: from n/a through = 4.3.2...

CVE-2026-1938

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

PT-2026-20929

Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a through = 4.3.2...

CVE-2026-1938

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...

CVE-2026-1938 YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint

The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the /yaymail-license/v1/license/delete REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated...