264205 matches found
CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...
CVE-2026-42740
The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range
CVE-2026-42744
The CVE-2026-42744 entry concerns the WordPress Ads by WPQuads plugin (quick-adsense-reloaded) version
CVE-2026-42745
The CVE-2026-42745 entry concerns the WordPress Clover plugin ( Clover Online Orders) version <= 1.6.0, where a Broken Authentication vulnerability allows bypassing authentication via an alternate path or channel. Documents consistently describe an authentication bypass affecting the Smart Onl...
EUVD-2026-32193
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
CVE-2026-42745 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42756
CVE-2026-42756 affects the WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin up to version 3.2.7. It is an improper pathname limitation (path traversal) vulnerability in QuickWebP that can lead to arbitrary file deletion. Exploitation details are not provided i...
CVE-2026-42744 WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability vulnerability
Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through = 3.0.2...
CVE-2026-42746
CVE-2026-42746 concerns the WordPress Clover plugin “clover-online-orders” (Smart Online Order for Clover) with versions up to 1.6.0. The vulnerability is described as an Insertion of Sensitive Information Into Sent Data, allowing retrieval of embedded sensitive data. The provided documents indic...
CVE-2026-42739
The CVE-2026-42739 affects the WordPress Advanced IP Blocker plugin (
CVE-2026-42758 WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...
CVE-2026-42758 WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2026-42747 WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...
CVE-2026-42755 WordPress TableOn plugin <= 1.0.5.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through = 1.0.5.1...
CVE-2026-42750
CVE-2026-42750 concerns the WordPress plugin WPComplete by Nexcess. The vulnerability is a stored XSS caused by improper neutralization of input during web page generation, affecting WPComplete versions up to and including 2.9.5.4. Public references consistently describe the issue as a Stored XSS...
CVE-2026-42753 WordPress WCFM Membership plugin <= 2.11.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through = 2.11.10...
CVE-2026-42751
The CVE-2026-42751 entry concerns the WordPress Booking Manager plugin by wpdevelop, affected in versions up to 2.1.18. The vulnerability is due to improper neutralization of input during web page generation, enabling a Stored XSS vulnerability in the Booking Manager component. The available conn...