264435 matches found
CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability
Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...
WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Taxi Booking Manager for WooCommerce versions = 2.0.1...
CVE-2026-25444
CVE-2026-25444 concerns the WordPress plugin WordPress WpBookingly (Magepeople Inc.), affected versions:
CVE-2026-25444 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...
CVE-2026-25444 WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9...
WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tiktok Feed versions = 1.0.24...
CVE-2026-27331 WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...
CVE-2026-27331 WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...
CVE-2026-27331
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5...
CVE-2026-27331
Summary: CVE-2026-27331 affects the WordPress plugin WpTravelly (
WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin WpBookingly versions = 1.2.9...
WordPress WpTravelly plugin <= 2.1.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by johska in WordPress Plugin WpTravelly versions = 2.1.5...
WordPress WP Promoter plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab - Pondok Teknologi in WordPress Plugin WP Promoter versions = 1.3...
Supsystic Contact Form Wordpress Plugin SSTI RCE
This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module Options msf use exploit/multi/http/wppluginsupsysticcontactformrce msf exploitwppluginsupsysticcontactformrce show targets ...targets... msf...
WordPress MetaMagic SEO Plugin plugin <= 1.6 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin MetaMagic SEO Plugin versions = 1.6...
WordPress Github Shortcode plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Github Shortcode versions = 0.1...
WordPress WPBakery Page Builder Addons by Livemesh plugin <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh Addons for WPBakery Page Builder versions = 3.9.4...
WordPress EnvíaloSimple: Email Marketing y Newsletters plugin <= 2.4.5 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by Maurice Fielenbach Hexastrike - Hexastrike Cybersecurity UG haftungsbeschränkt in WordPress Plugin EnvíaloSimple versions = 2.4.5...
WordPress Shortcode Buddy plugin <= 0.1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Shortcode Buddy versions = 0.1.9.5...
WordPress iWR Tooltip plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin iWR Tooltip versions = 1.0...