CVE-2026-54191 WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Pods = 3.3.8 versions...

CVE-2026-54190 WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Envira Photo Gallery = 1.12.5 versions...

EUVD-2026-37051

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

CVE-2026-52715

GEO my WordPress plugin (WordPress)

CVE-2026-52715 WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

CVE-2026-52714 WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO = 12.4.16 versions...

CVE-2026-52711 WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce POS = 1.8.14 versions...

CVE-2026-52712 WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...

EUVD-2026-37047

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

CVE-2026-39581

CVE-2026-39581 documents a SQL Injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic for versions

CVE-2026-39581 WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.4 - SQL Injection vulnerability

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

CVE-2026-39490 WordPress JupiterX Core plugin <= 4.14.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JupiterX Core = 4.14.1 versions...

CVE-2025-68045

CVE-2025-68045 concerns the WordPress WP Event Solution plugin, affected versions

CVE-2025-68045 WordPress WP Event SOlution plugin <= 4.1.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

EUVD-2025-210166

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

CVE-2026-10093

The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldrttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...