1789 matches found
CVE-2026-57791
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through = 2.9.0...
CVE-2026-57795
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...
CVE-2026-57798
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SaurabhSharma NewsPlus Shortcodes newsplus-shortcodes allows PHP Local File Inclusion.This issue affects NewsPlus Shortcodes: from n/a through = 4.2.0...
CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...
CVE-2026-57412 WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through = 4.6.9...
CVE-2026-57420
CVE-2026-57420 concerns a Stored XSS in the WordPress plugin Author Box WP Lens (component: author-box-for-divi). The vulnerability arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected range is WordPress users running versions
CVE-2026-57378
The CVE-2026-57378 entry describes a Missing Authorization vulnerability in the WordPress plugin Advanced Forms (Phil Kurth) affecting versions up to and including 1.9.3.7. The issue arises from incorrectly configured access control, enabling unauthorized actions without sufficient privileges. Do...
CVE-2026-15097
The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-13347
The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...
WordPress Amelia plugin <= 2.4.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Amelia versions = 2.4.2...
WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin WPJAM Basic versions = 7.0...
EUVD-2026-41656
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...
CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF
Gitea versions up to and including 1.26.2 have incomplete SSRF protection in webhook and migration allow-list filtering...
WordPress NewsPlus Shortcodes plugin <= 4.2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NewsPlus Shortcodes versions = 4.2.0...
CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
Contributor SQL Injection in WP EasyCart = 5.9.0 versions...
CVE-2026-57762
Author Cross Site Scripting XSS in Simple URLs = 151 versions...
CVE-2026-57687
CVE-2026-57687 concerns a SQL Injection vulnerability in the WordPress plugin Custom Field Template (versions
CVE-2025-69153
Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...
WordPress WP EasyCart plugin <= 5.9.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by HaiND in WordPress Plugin WP EasyCart versions = 5.9.1...
PT-2026-54965
Unauthenticated Cross Site Scripting XSS in Artale | Wedding Photography WordPress = 2.2.2 versions...