263044 matches found

Nuclei
added 12 hours ago, 93 views

WordPress Slider Revolution - Local File Disclosure

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslidershowimage action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. id:...

5 CVSS | 8.5 AI score | 0.22055 EPSS
Exploits: 5 | References: 5

Nuclei
added 12 hours ago, 5 views

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

9.8 CVSS | 5.3 AI score | 0.02994 EPSS
Exploits: 0 | References: 3

Nuclei
added 12 hours ago, 44 views

Quick Event Manager < 9.7.5 - Cross-Site Scripting

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1 CVSS | 5.8 AI score | 0.01179 EPSS
Exploits: 2 | References: 4

EUVD
added 12 hours ago, 3 views

EUVD-2026-37552

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

7.5 CVSS | 5.7 AI score
Exploits: 0 | References: 6

CVE
added yesterday, 10 views

CVE-2026-25470

CVE-2026-25470: Unauthenticated RCE in WordPress ACPT (Pro) – Custom Post Types Plugin for WordPress (ACPT) 2.0.47 if available; no public patch details provided in the documents. Exploitation status is not provided in the connected documents. Monitor for updates and vendor advisories for a con...

10 CVSS | 5.4 AI score
Exploits: 0 | References: 1

CVE
added yesterday, 4 views

CVE-2026-39598

CVE-2026-39598 concerns WordPress Academy LMS Pro plugin (pre-3.5.2). The vulnerability is an Unrestricted Upload of File with a Dangerous Type, enabling an attacker to upload a web shell to the web server. Affected: Academy LMS Pro prior to 3.5.2. CVSS 3.1 metrics indicate NETWORK attack Vector,...

8 CVSS | 5.2 AI score
Exploits: 0 | References: 1

Cvelist
added yesterday, 4 views

CVE-2026-39598 WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

8 CVSS
Exploits: 0 | References: 1

CVE
added yesterday, 9 views

CVE-2026-49073

Summary: CVE-2026-49073 affects the WordPress plugin Directorist Booking (wpWax Directorist Booking) versions up to 3.0.3. The issue is an SQL Injection in the plugin, allowing blind SQL injection through improper neutralization of special elements in SQL commands. The CVSS base score is 8.5 (HIGH...

8.5 CVSS | 5.6 AI score
Exploits: 0 | References: 1

Cvelist
added yesterday, 5 views

CVE-2026-49073 WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: from n/a through 3.0.3...

8.5 CVSS
Exploits: 0 | References: 1

CVE
added yesterday, 9 views

CVE-2026-49080

CVE-2026-49080: Unauthenticated SQL Injection affecting the WordPress plugin wpDataTables, version

9.3 CVSS | 5.7 AI score
Exploits: 0 | References: 1

CVE
added yesterday, 5 views

CVE-2026-49113

The CVE-2026-49113 entry concerns the WordPress Cornerstone plugin, affected versions earlier than 7.8.8. It describes a Subscriber-level Arbitrary Code Execution vulnerability, with CVSSv3.1 metrics indicating a NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, ...

8.5 CVSS | 5.3 AI score
Exploits: 0 | References: 1

Cvelist
added yesterday, 4 views

CVE-2026-49080 WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions...

9.3 CVSS
Exploits: 0 | References: 1

Cvelist
added yesterday, 3 views

CVE-2026-49113 WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions...

8.5 CVSS
Exploits: 0 | References: 1

CVE
added yesterday, 9 views

CVE-2026-49057

The CVE-2026-49057 entry concerns the WordPress JobSearch plugin (≤ 3.2.7) with Unauthenticated Broken Access Control. Concrete details found: affected software/product is WordPress JobSearch plugin; vulnerable component/condition is broken access control without authentication; impact is describ...

7.5 CVSS | 5.1 AI score
Exploits: 0 | References: 1

Cvelist
added yesterday, 5 views

CVE-2026-49057 WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions...

7.5 CVSS
Exploits: 0 | References: 1

CVE
added yesterday, 6 views

CVE-2026-40761

WordPress Theme Valeska <= 1.2.2 is affected by an unauthenticated PHP Object Injection vulnerability. Affected component: Valeska theme (WordPress). Root cause: PHP object injection in versions

8.1 CVSS | 5.3 AI score
Exploits: 0 | References: 1

CVE
added yesterday, 13 views

CVE-2026-48869

CVE-2026-48869: The WordPress Enfold theme (versions

7.1 CVSS | 5.1 AI score
Exploits: 0 | References: 1

Cvelist
added yesterday, 5 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions...

8.1 CVSS
Exploits: 0 | References: 1

Cvelist
added yesterday, 4 views

CVE-2026-48869 WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions...

7.1 CVSS
Exploits: 0 | References: 1

CVE
added yesterday, 2 views

CVE-2026-40760

WordPress Behold theme

8.1 CVSS | 5.3 AI score
Exploits: 0 | References: 1