PT-2026-49117

Name of the Vulnerable Software and Affected Versions Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms versions prior to 1.1.2 Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input i...

PT-2026-49143

Name of the Vulnerable Software and Affected Versions WP Go Maps versions prior to 10.0.10 Description The plugin fails to properly enforce the marker approval filter on the admin-ajax fallback for its datatables route. This allows unauthenticated visitors to retrieve marker records that the site...

PT-2026-49116

Name of the Vulnerable Software and Affected Versions Shared Files versions prior to 1.7.65 Description An unauthenticated path traversal issue exists, allowing an attacker to access files and directories outside the intended folder on the server. Recommendations Update to a version newer than...

PT-2026-49115

Name of the Vulnerable Software and Affected Versions Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions prior to 1.2.2 Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when...

PT-2026-49141

Name of the Vulnerable Software and Affected Versions LatePoint versions prior to 5.5.2 Description A privilege escalation issue exists where users with Contributor roles can gain higher privileges. Recommendations Update to version 5.5.2 or later...

PT-2026-49140

Name of the Vulnerable Software and Affected Versions Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons versions prior to 1.4.9 Description An issue exists that leads to the exposure of sensitive subscriber data. Recommendations Update to a version...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Gitlab

CVE-2025-4524...

Exploit for CVE-2026-42647

CVE-2026-42647 - JoomSport Unauthenticated Time-Based Blind SQ...

Exploit for CVE-2026-1555

CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...

CVE-2026-5513

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Exploit for CVE-2026-48907

CVE-2026-48907 Description هذا الملف CVE-2025-9209.py هو أداة...

EUVD-2026-36651

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-5513

The Bookly WordPress plugin (Online Scheduling and Appointment Booking System) is vulnerable to Stored XSS in versions up to 27.2 via the bookly-customer-full-name cookie due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary scripts that execut...

CVE-2026-1291

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

EUVD-2026-36649

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...

CVE-2026-1291

CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...

CVE-2026-3297

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVE-2026-2470

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...