1805 matches found
CVE-2026-57631
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57319
Unauthenticated Cross Site Scripting XSS in FOX = 1.4.8 versions...
CVE-2026-52701
Unauthenticated Broken Access Control in User Registration = 5.2.2 versions...
EUVD-2026-39763
Contributor Broken Access Control in Nelio Content = 4.3.4 versions...
EUVD-2026-39757
Contributor SQL Injection in Gallery = 4.7.8 versions...
CVE-2026-57618
CVE-2026-57618 describes a Cross Site Scripting (XSS) vulnerability in the WordPress plugin/theme set for Neve PRO, affecting versions ≤ 3.1.2. The initial data specifies Neve PRO
CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
EUVD-2026-39705
Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...
CVE-2026-56039 WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Quick Interest Slider = 3.1.6 versions...
CVE-2026-56030
CVE-2026-56030 affects WordPress Paytium plugin (versions
CVE-2025-63078
The CVE-2025-63078 entry concerns the WordPress plugin “Restaurant Menu by MotoPress” (MotoPress) <= 2.4.11. Affected component is the plugin’s access control mechanism, with root cause described as Broken Access Control. The vulnerability is reported to affect users of the plugin in WordPress...
WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Tarcísio LuchesiPoystick in WordPress Plugin Fluent Booking versions = 2.1.0...
CVE-2026-54838
Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...
PT-2026-52431
Name of the Vulnerable Software and Affected Versions Post Snippets versions prior to 4.0.20 Description Remote attackers with contributor-level permissions can execute arbitrary code on the server. Recommendations Update Post Snippets to version 4.0.20 or later...
WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hivesec in WordPress Plugin Gutenverse Form versions = 2.4.7...
CVE-2026-8622
The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHPSELF Server Variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...
CVE-2026-56007
CVE-2026-56007 affects WordPress Ocean Product Sharing plugin versions up to and including 2.2.2. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation in OceanWP Ocean Product Sharing. The vulnerability impact is limi...
EUVD-2025-210261
Unauthenticated Local File Inclusion in Preservation = 1.10 versions...
EUVD-2026-37669
Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...