CVE-2026-42762 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

CVE-2026-42761 WordPress Active Products Tables for WooCommerce plugin <= 1.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

CVE-2026-42762 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

CVE-2026-42756 WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin <= 3.2.7 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly: from n...

CVE-2026-42753 WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...

CVE-2026-42744 WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

CVE-2026-42756

CVE-2026-42756 affects the WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin up to version 3.2.7. It is an improper pathname limitation (path traversal) vulnerability in QuickWebP that can lead to arbitrary file deletion. Exploitation details are not provided i...

CVE-2026-42739

The CVE-2026-42739 affects the WordPress Advanced IP Blocker plugin (

CVE-2026-42759

CVE-2026-42759 describes a stored XSS in the WordPress plugin “Timo Affiliate Super Assistent amazonsimpleadmin,” caused by improper neutralization of input during web page generation. Affected: Affiliate Super Assistent versions from n/a through

CVE-2026-42746

CVE-2026-42746 concerns the WordPress Clover plugin “clover-online-orders” (Smart Online Order for Clover) with versions up to 1.6.0. The vulnerability is described as an Insertion of Sensitive Information Into Sent Data, allowing retrieval of embedded sensitive data. The provided documents indic...

CVE-2026-42745

The CVE-2026-42745 entry concerns the WordPress Clover plugin ( Clover Online Orders) version &lt;= 1.6.0, where a Broken Authentication vulnerability allows bypassing authentication via an alternate path or channel. Documents consistently describe an authentication bypass affecting the Smart Onl...

CVE-2026-42747

CVE-2026-42747 describes a Blind SQL Injection in the WordPress plugin Easy Form Builder (hassantafreshi) up to version 4.0.6. The issue is due to improper neutralization of special elements in SQL commands, enabling an attacker to exploit it without user interaction. Impact is stated as high con...

CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

CVE-2026-42757 WordPress WebinarIgnition plugin < 4.08.253 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through 4.08.253...

EUVD-2026-32193

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

CVE-2026-42744

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...

CVE-2026-42737 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...