CVE-2026-49105

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49078

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

CVE-2026-49043

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

CVE-2026-48964

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

CVE-2026-48882

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

CVE-2026-42665

Unauthenticated SQL Injection in WP Data Access = 5.5.70 versions...

CVE-2026-42655

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

CVE-2026-42661

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

CVE-2026-42411

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

CVE-2026-42378

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-40798

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-40791

Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...

CVE-2026-40790

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

CVE-2026-40776

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.8 versions...

CVE-2026-40773

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

CVE-2026-39534

Unauthenticated Broken Access Control in WP Directory Kit = 1.5.0 versions...

CVE-2026-39587

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

CVE-2026-39527

Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...

CVE-2026-39511

Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...

CVE-2026-39451

Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...