83674 matches found
PT-2026-50082
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
PT-2026-50086
Name of the Vulnerable Software and Affected Versions: ACPT Pro - Custom Post Types Plugin for WordPress versions prior to 2.0.48. Description: Improper Control of Generation of Code allows for Remote Code Inclusion and unauthenticated Remote Code Execution (RCE). This issue enables an attacker to...
PT-2026-49618
Name of the Vulnerable Software and Affected Versions: Premmerce Dev Tools versions prior to 2.1. Description: The Premmerce Dev Tools plugin for WordPress allows authenticated attackers with Subscriber-level access and above to achieve remote code execution. The issue occurs because the...
PT-2026-49620
Name of the Vulnerable Software and Affected Versions: Abandoned Contact Form 7 versions prior to 2.3. Description: The plugin allows unauthenticated attackers to permanently delete arbitrary posts, pages, or other content on a site. This occurs because the action remove abandoned function, register...
EUVD-2026-36988
Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...
EUVD-2026-36975
Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...
EUVD-2026-36950
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
EUVD-2026-36930
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider = 18.0 versions...
EUVD-2026-36921
Unauthenticated Cross Site Scripting (XSS) in GiveWP = 4.14.2 versions...
EUVD-2026-36922
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
CVE-2026-49776
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...
CVE-2026-48964
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...
CVE-2026-48882
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...
CVE-2026-42378
Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...
CVE-2026-40798
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
CVE-2026-39587
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
CVE-2026-39527
Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...
CVE-2026-39511
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-27089
Unauthenticated Bypass Vulnerability in WpTravelly = 2.1.7 versions...
CVE-2026-52703 WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions...