263082 matches found
CVE-2026-49773 WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...
CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
CVE-2026-49769
CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...
EUVD-2026-36890
Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...
CVE-2026-49768 WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...
CVE-2026-49766
CVE-2026-49766 affects the WordPress plugin WP User Manager (versions ≤ 2.9.16). The vulnerability is described as an Arbitrary File Deletion issue reported for subscribers. The available metrics indicate a CRITICAL impact (CVSS 3.1: 9.9; NETWORK attack vector; LOW privileges required; no user in...
CVE-2026-49768
CVE-2026-49768 affects the WordPress plugin Happyforms (versions ≤ 1.26.13). The vulnerability is an unauthenticated PHP Object Injection in Happyforms, caused by an unsafe object deserialization path. Impact is described as high for confidentiality, integrity, and availability, with a CVSS 3.1 b...
CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
CVE-2026-49765 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
EUVD-2026-36889
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
CVE-2026-49765
The CVE-2026-49765 entry concerns the WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin (versions <= 1.1.8). The connected sources confirm unauthenticated PHP Object Injection as the vulnerability, with a CVSS 3.1 base score of 9.8 (CRITICAL) and im...
CVE-2026-49764
CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...
CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
CVE-2026-49763
CVE-2026-49763 concerns the WordPress plugin “WordPress Integration for Contact Form 7 HubSpot” (versions
CVE-2026-49112 WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability
Unauthenticated Path Traversal in Shared Files = 1.7.64 versions...
CVE-2026-49110
The CVE-2026-49110 entry concerns the WordPress plugin Upsell Order Bump Offer for WooCommerce, affected in versions <= 3.1.4. It describes an Unauthenticated Broken Authentication vulnerability enabling price manipulation in Upsell Order Bump offers. CVSSv3.1 metrics indicate Network attack v...
CVE-2026-49112
CVE-2026-49112: Unauthenticated Path Traversal in WordPress Shared Files plugin