CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

CVE-2026-54838 WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WC Vendors Marketplace versions = 2.6.8...

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0126

In WC-Radio, there is a confirmed vulnerability causing an out-of-bounds write due to a missing bounds check. This can lead to remote code execution with no privileges and no user interaction required. The issue is detailed across multiple feeds (NVD entry CVE-2026-0126, EUVD-2026-, and related O...

PT-2026-49785

Name of the Vulnerable Software and Affected Versions WC-Radio affected versions not specified Description A missing bounds check in WC-Radio allows for an out-of-bounds write, which is a memory corruption occurance where data is written outside the intended buffer. This can lead to remote code...

EUVD-2026-36905

Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...

CVE-2026-42753

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

PUB-A-472711335

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-42753

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

CVE-2026-42753

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

PT-2026-43661

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

EUVD-2025-209485

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through = 3.7.1...

CVE-2025-63029

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

PT-2026-33097

Name of the Vulnerable Software and Affected Versions WCFM Marketplace versions n/a through 3.7.1 Description Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, allows for the execution of unauthorized SQL commands. Recommendations At the moment, ther...

CVE-2026-39608

Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through = 1.3.7...

CVE-2026-39705

CVE-2026-39705 concerns the WordPress plugin MIPL WC Multisite Sync by Mulika Team, vulnerable through a missing/incorrect authorization mechanism. The issue affects versions through 1.4.4 and is categorized as Broken Access Control due to improperly configured access control security levels. Pub...