83679 matches found
CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Salon booking system = 10.30.25 versions...
CVE-2026-42664 WordPress AI Product Search for WooCommerce – Motive Commerce Search plugin <= 1.38.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in AI Product Search for WooCommerce Motive Commerce Search = 1.38.2 versions...
CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability
Custom role Path Traversal in WP Customer Area = 8.3.4 versions...
CVE-2026-42659
The CVE concerns WordPress plugin “Advanced Form Integration” (versions
CVE-2026-42658
The CVE-2026-42658 entry concerns the WordPress Classified Listing plugin, affected versions
CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability
Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...
CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...
CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-42411
CVE-2026-42411 affects the WordPress CloudSecure WP Security plugin (versions
CVE-2026-42411 WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...
CVE-2026-42411 WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...
CVE-2026-42386 WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...
CVE-2026-42386 WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...
CVE-2026-42384
CVE-2026-42384 concerns the WordPress plugin “Simply Schedule Appointments” (versions prior to 1.6.11.2). The entry documents an unauthenticated, sensitive data exposure vulnerability affecting this plugin. The vulnerability is described as exposing sensitive data without authentication, with a C...
EUVD-2026-36810
Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...
CVE-2026-40799 WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...
CVE-2026-40794
The CVE concerns WordPress plugin myCred ≤ 3.0.3 with a Broken Access Control vulnerability. Affected software: WordPress plugin myCred (versions up to 3.0.3). The provided sources identify the issue but do not disclose the exact root cause, affected functions/files, or concrete impact details be...
CVE-2026-40795 WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Amelia = 2.2 versions...
CVE-2026-40793
CVE-2026-40793 concerns the WordPress Groundhogg plugin (versions earlier than 4.4.1) with a Broken Access Control vulnerability. The public description identifies the issue as a subscriber-level access control flaw in Groundhogg < 4.4.1. The connected documents corroborate that the vulnerabil...
CVE-2026-40787
The vulnerability concerns the WordPress Quiz And Survey Master plugin (versions ≤ 11.0.0). It is an unauthenticated Cross Site Scripting (XSS) flaw identified in these releases. The connected sources confirm the affected product and the XSS impact but do not specify the exact root cause, vulnera...