PT-2026-46321

Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...

PT-2026-46181

Name of the Vulnerable Software and Affected Versions WP eMember versions prior to 10.2.3 Description An issue in the software allows the retrieval of embedded sensitive system information by an unauthorized control sphere. Recommendations Update to a version later than 10.2.2...

PT-2026-46331

Unauthenticated Local File Inclusion in MaxiNet = 1.2.10 versions...

PT-2026-46368

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

PT-2026-46338

Unauthenticated Local File Inclusion in Deliciosa = 1.10.0 versions...

PT-2026-46364

Unauthenticated Local File Inclusion in Gita = 1.11 versions...

PT-2026-46342

Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...

PT-2026-46335

Unauthenticated Local File Inclusion in CopyPress = 1.4.5 versions...

PT-2026-46357

Unauthenticated Local File Inclusion in Quirky = 1.23 versions...

PT-2026-46345

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

PT-2026-46330

Unauthenticated Local File Inclusion in Nexio = 1.10.0 versions...

PT-2026-46329

Unauthenticated Local File Inclusion in Planty = 1.14.0 versions...

PT-2026-46341

Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...

WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Dokan versions = 5.0.2...

WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AutomatorWP versions = 5.7.2...

WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by adhikara13 in WordPress Plugin JobSearch versions = 3.2.7...

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels versions = 4.9.4...

WordPress MasterStudy LMS Pro plugin <= 4.8.20 - Authenticated (Instructor+) SQL Injection vulnerability

Authenticated Instructor+ SQL Injection vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin MasterStudy LMS Pro versions = 4.8.20...

WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by endy in WordPress Plugin Quiz And Survey Master versions = 11.1.2...

WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by fayespiegel in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...