CVE-2026-48874 WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

CVE-2026-48874

The CVE documents an SQL Injection in WordPress GamiPress plugin versions

CVE-2026-48874 WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

CVE-2026-48873 WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Montonio for WooCommerce = 10.1.2 versions...

CVE-2026-48872 WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

CVE-2026-48872

CVE-2026-48872 relates to the WordPress WordPress EmbedPress plugin (versions

CVE-2026-48873

CVE-2026-48873 affects the WordPress plugin Montonio for WooCommerce (versions ≤ 10.1.2). The issue is Unauthenticated Broken Access Control in this plugin, allowing unauthenticated access to protected functionality (impact: high integrity impact; confidentiality/availability not affected per the...

CVE-2026-48871

The MW WP Form WordPress plugin, versions ≤ 5.1.3, has an unauthenticated Cross Site Scripting (XSS) vulnerability. The provided documents do not specify the exact vulnerable component, root cause, exploit details, or a remediation version. Exploitation status is not described. Monitor Patchstack...

CVE-2026-48871 WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...

CVE-2026-48868 WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

CVE-2026-48870 WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

CVE-2026-48870

CVE-2026-48870 affects the WordPress plugin King Addons for Elementor (versions

CVE-2026-48868

The CVE-2026-48868 entry concerns the WordPress WordPress Simple Shopping Cart plugin (versions

CVE-2026-48867 WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.1.2 versions...

CVE-2026-48867

The CVE-2026-48867 entry concerns the WordPress plugin Quiz And Survey Master (versions

CVE-2026-48836 WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

CVE-2026-48838 WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

CVE-2026-48838

CVE-2026-48838 covers an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Post SMTP plugin, versions

CVE-2026-48836

The CVE-2026-48836 entry concerns the WordPress Easy Invoice plugin (versions ≤ 2.1.19) with an unauthenticated Remote Code Execution (RCE) vulnerability. According to connected sources, an RCE exists in Easy Invoice up to 2.1.19; the Patchstack listing notes a critical CVSS 3.1 vector (AV:N/AC:L...

CVE-2026-48835 WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...