263192 matches found
CVE-2026-39451 WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...
CVE-2026-39451
CVE-2026-39451 concerns the WordPress WP Google Review Slider plugin (versions <= 18.0), with an unauthenticated Cross-Site Scripting (XSS) vulnerability reported. The Patchstack entry notes the vulnerability (discovered by hhhai) in versions
CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...
CVE-2026-39449
CVE-2026-39449 is an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin Contact Form to Any API for versions ≤ 3.0.3. The issue is documented by Patchstack and CVEs listed in connected records; affected component is the plugin and the root cause details are not discl...
CVE-2026-39450
CVE-2026-39450 concerns the WordPress FunnelKit Automations plugin, version
CVE-2026-39449 WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...
CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...
CVE-2026-39447
CVE-2026-39447: Unauthenticated Cross-Site Scripting (XSS) in the WordPress plugin Simply Schedule Appointments (versions
CVE-2026-39447 WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.10.6 versions...
CVE-2026-39435 WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in CformsII = 15.1.3 versions...
CVE-2026-39441
CVE-2026-39441 affects the WordPress plugin Feed KuantoKusta for WooCommerce – Free, version
CVE-2026-39435
CVE-2026-39435 affects WordPress CformsII plugin versions
CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...
CVE-2026-34902 WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...
CVE-2026-39434 WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability
Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...
CVE-2026-34902 WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WooCommerce Product Table Lite = 4.6.3 versions...
CVE-2026-39434
CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions
CVE-2026-34902
CVE-2026-34902 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “WooCommerce Product Table Lite” up to version 4.6.3. The issue affects the plugin’s handling of input in the product table rendering, enabling XSS payloads to be executed in contexts wher...
CVE-2026-34901 WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in iControlWP = 5.5.3 versions...
CVE-2026-34901
CVE-2026-34901 affects WordPress iControlWP plugin,