263185 matches found
CVE-2026-39472
The CVE-2026-39472 affects the WordPress WooCommerce PDF Invoices & Packing Slips plugin prior to version 5.9.0, where a PHP Object Injection vulnerability was reported affecting shop manager operations. The root cause is a PHP Object Injection flaw in this plugin version, with CVSS 3.1 base metr...
CVE-2026-39472 WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...
CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...
CVE-2026-39470
CVE-2026-39470 affects the WordPress plugin WooCommerce Cart Abandonment Recovery, specifically versions earlier than 2.1.0. The issue is a Privilege Escalation that allows a shop manager to gain higher privileges. The reported impact is Confidentiality, Integrity, and Availability at high severi...
CVE-2026-39471
CVE-2026-39471 affects the WordPress ShortPixel Image Optimizer plugin (
CVE-2026-39470 WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...
CVE-2026-39468 WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...
CVE-2026-39468
WordPress Meta Box – WordPress Custom Fields Framework plugin
CVE-2026-39465
CVE-2026-39465 : The WordPress plugin Responsive Slider by MetaSlider (versions
CVE-2026-39463 WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in ManageWP Worker = 4.9.31 versions...
CVE-2026-39465 WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability
Editor Remote Code Execution RCE in Responsive Slider by MetaSlider = 3.106.0 versions...
CVE-2026-39463
CVE-2026-39463 affects the WordPress plugin ManageWP Worker (versions
CVE-2026-39451 WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...
CVE-2026-39451
CVE-2026-39451 concerns the WordPress WP Google Review Slider plugin (versions <= 18.0), with an unauthenticated Cross-Site Scripting (XSS) vulnerability reported. The Patchstack entry notes the vulnerability (discovered by hhhai) in versions
CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...
CVE-2026-39449
CVE-2026-39449 is an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin Contact Form to Any API for versions ≤ 3.0.3. The issue is documented by Patchstack and CVEs listed in connected records; affected component is the plugin and the root cause details are not discl...
CVE-2026-39450
CVE-2026-39450 concerns the WordPress FunnelKit Automations plugin, version
CVE-2026-39449 WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...
CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...