83594 matches found
WordPress Plugin DukaPress 2.5.2 - Directory Traversal
A directory traversal vulnerability in the dpimgresize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dpimage.php. id: CVE-2014-8799 info: name: WordPress Plugin...
WP Fastest Cache 1.2.2 - SQL Injection
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2023-6063 info: name: WP Fastest Cache 1.2.2 - SQL Injection author: DhiyaneshDK...
CVE-2026-57661
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions...
CVE-2026-57628
Administrator SQL Injection in WP All Import = 4.0.1 versions...
CVE-2026-54824
Unauthenticated Sensitive Data Exposure in Ads by WPQuads = 3.0.3 versions...
CVE-2026-57661 WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions...
CVE-2026-57660
The CVE-2026-57660 entry is supported by connected documents showing an Unauthenticated Broken Access Control flaw in the WordPress Booking and Rental Manager plugin, affecting versions
CVE-2026-57657
The connected sources confirm an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in the WordPress Gmail SMTP plugin, affecting versions up to 1.2.3.19. The issue is documented across CVE entries and third-party listings as CVE-2026-57657 and specifies the affected product as the W...
CVE-2026-57658
CVE-2026-57658 concerns the WordPress TemplateSpare plugin, specifically versions
CVE-2026-57655 WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions...
EUVD-2026-39768
Contributor SQL Injection in WP Job Portal = 2.5.2 versions...
CVE-2026-57649
The CVE concerns the WordPress Shoppable Images Lite plugin (versions
CVE-2026-57647
CVE-2026-57647 concerns the WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin, affected in versions
CVE-2026-57646
CVE-2026-57646 affects the WordPress Majestic Support plugin (versions
CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions...
CVE-2026-57643 WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability
Contributor SQL Injection in WP Post Author <= 3.9.1 versions...
CVE-2026-57644 WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions...
CVE-2026-57643
WP Post Author plugin for WordPress, versions
CVE-2026-57638
CVE-2026-57638 concerns a Cross Site Scripting (XSS) vulnerability in the WordPress plugin Fluent Booking affecting versions
CVE-2026-57638 WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions...