263358 matches found
WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 2.0.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Unlimited Elements For Elementor Free Widgets, Addons, Templates versions = 2.0.8...
CVE-2026-49077 WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...
CVE-2026-49077
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...
CVE-2026-49077 WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...
EUVD-2026-34241
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2...
CVE-2026-49077
CVE-2026-49077 concerns the WordPress WP eMember plugin and affects versions up to v10.2.2 (n/a through v10.2.2). It is described as an exposure of sensitive system information to an unauthorized control sphere, enabling retrieval of embedded sensitive data. The CVSS v3.1 base score is 5.3 (Mediu...
WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WP eMember versions = v10.2.2...
WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin OttoKit versions = 1.1.27...
CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
CVE-2026-49771 WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41...
CVE-2026-49771
Summary of CVE-2026-49771 : The WordPress Photo Gallery by 10Web plugin (versions up to 1.8.41) is affected by an SQL Injection vulnerability due to improper neutralization of special elements. The issue enables blind SQL injection. Details in connected documents specify the affected product and ...
WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Photo Gallery by 10Web versions = 1.8.41...
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
Backdoor vulnerability discovered by Shane in WordPress Plugin Product Slider Pro for WooCommerce versions 3.5.4...
WordPress Content Visibility for Divi Builder plugin <= 4.02 - Authenticated (Contributor+) Remote Code Execution vulnerability
Authenticated Contributor+ Remote Code Execution vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Content Visibility for Divi Builder versions = 4.02...
WordPress SP Project & Document Manager plugin <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure vulnerability
Missing Authorization to Unauthenticated Arbitrary File Information Disclosure vulnerability discovered by Namdn - Vncsglobal in WordPress Plugin SP Project & Document Manager versions = 4.71...
WordPress ARMember Premium – Membership plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability
Insecure Password Reset Mechanism to Unauthenticated Privilege Escalation vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...
WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...
WordPress ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 7.3.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin ARMember Premium versions = 7.3.1...
Exploit for SQL Injection in Wpdeveloper Notificationx
CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection...
CVE-2026-10737
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...