83678 matches found
CVE-2026-39514
The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Paid Member Subscriptions (versions up to 2.17.3 ). The issue is triggered via reflected input, affecting the plugin’s handling of user-supplied data and potentially enabling code execu...
CVE-2026-39514 WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...
CVE-2026-39514 WordPress Paid Member Subscriptions plugin <= 2.17.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...
CVE-2026-39513 WordPress Easy Appointments plugin <= 3.12.21 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...
CVE-2026-39511 WordPress WP Photo Album Plus plugin <= 9.1.08.001 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-39499 WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability
Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...
CVE-2026-39493
CVE-2026-39493 : The WordPress plugin Simply Schedule Appointments (versions
CVE-2026-39489 WordPress Download Monitor plugin <= 5.1.9 - Non-Arbitrary File Download vulnerability
Author Arbitrary File Download in Download Monitor = 5.1.9 versions...
CVE-2026-39478 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...
CVE-2026-39471
CVE-2026-39471 affects the WordPress ShortPixel Image Optimizer plugin (
CVE-2026-39470
CVE-2026-39470 affects the WordPress plugin WooCommerce Cart Abandonment Recovery, specifically versions earlier than 2.1.0. The issue is a Privilege Escalation that allows a shop manager to gain higher privileges. The reported impact is Confidentiality, Integrity, and Availability at high severi...
CVE-2026-39451 WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...
CVE-2026-39451
CVE-2026-39451 concerns the WordPress WP Google Review Slider plugin (versions <= 18.0), with an unauthenticated Cross-Site Scripting (XSS) vulnerability reported. The Patchstack entry notes the vulnerability (discovered by hhhai) in versions
CVE-2026-39449 WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...
CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...
CVE-2026-39447 WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...
CVE-2026-39447
CVE-2026-39447: Unauthenticated Cross-Site Scripting (XSS) in the WordPress plugin Simply Schedule Appointments (versions
CVE-2026-39441
CVE-2026-39441 affects the WordPress plugin Feed KuantoKusta for WooCommerce – Free, version
CVE-2026-34902
CVE-2026-34902 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “WooCommerce Product Table Lite” up to version 4.6.3. The issue affects the plugin’s handling of input in the product table rendering, enabling XSS payloads to be executed in contexts wher...
CVE-2026-34902 WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...