CVE-2026-42679

CVE-2026-42679 affects the WordPress plugin Classified Listing (versions

WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin WPC Product Bundles for WooCommerce versions = 8.5.3...

WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peleg Nagli ultrared.ai in WordPress Plugin Stop Spammers versions = 2026.3...

CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

CVE-2026-42680

CVE-2026-42680 : Affected product is the WordPress plugin Contest Gallery Pro up to version 29.0.1. The vulnerability is an Incorrect Privilege Assignment that allows privilege escalation. The CVSS 3.1 base score is 9.8 (CRITICAL) with attack vector NETWORK, no user interaction, and requires no p...

CVE-2026-42681

CVE-2026-42681 affects the WordPress plugin e2pdf (versions up to 1.32.14). The issue is a Reflected XSS due to improper neutralization during web page generation, enabling cross-site scripting. CVSSv3.1 base score 7.1 (HIGH) with Network attack vector, Low confidentiality/integrity/availability ...

CVE-2026-42681 WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14...

CVE-2026-42681 WordPress e2pdf plugin <= 1.32.14 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14...

WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mukhlis Amien in WordPress Plugin EmbedPress versions = 4.5.2...

CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

CVE-2026-42682

The CVE-2026-42682 entry concerns the WordPress wpForo Forum plugin (versions n/a through 3.0.6). A Missing Authorization vulnerability arises from broken access control with incorrectly configured access levels in the plugin, enabling unauthorized access to protected functionality. Severity is r...

CVE-2026-42683 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

CVE-2026-42683 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

CVE-2026-42683

The CVE-2026-42683 entry concerns the WordPress plugin VikBooking Hotel Booking Engine & PMS, affected through version 1.8.8. The issue is an Improper Neutralization of Input During Web Page Generation, i.e., a DOM-based Cross-Site Scripting (XSS) vulnerability. The root cause, as stated, is impr...

CVE-2026-48839 WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

CVE-2026-48839

CVE-2026-48839 affects the WordPress WP Statistics plugin

CVE-2026-48839 WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...

EUVD-2026-33652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6...