264252 matches found
CVE-2026-42757
The CVE-2026-42757 issue affects the WordPress WebinarIgnition plugin (vulnerable:
CVE-2026-42754
The CVE-2026-42754 entry describes a Reflected XSS vulnerability in the WordPress plugin favicon-by-realfavicongenerator (Favicon), affecting versions up to and including 1.3.46. The underlying issue is improper neutralization of input during web page generation. Impact is Cross-Site Scripting, w...
CVE-2026-42755
CVE-2026-42755 affects the WordPress RealMag777 TableOn plugin, specifically the posts-table-filterable component, with versions up to and including 1.0.5.1. The issue is an improper neutralization of special elements used in SQL commands, resulting in a Blind SQL Injection vulnerability. The CVS...
CVE-2026-42748
CVE-2026-42748 affects the WordPress plugin WPify Woo Czech (WPify WPify Woo Czech)
CVE-2026-42758
CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...
CVE-2026-42747
CVE-2026-42747 describes a Blind SQL Injection in the WordPress plugin Easy Form Builder (hassantafreshi) up to version 4.0.6. The issue is due to improper neutralization of special elements in SQL commands, enabling an attacker to exploit it without user interaction. Impact is stated as high con...
CVE-2026-42751 WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...
CVE-2026-42751
The CVE-2026-42751 entry concerns the WordPress Booking Manager plugin by wpdevelop, affected in versions up to 2.1.18. The vulnerability is due to improper neutralization of input during web page generation, enabling a Stored XSS vulnerability in the Booking Manager component. The available conn...
CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
CVE-2026-42754 WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...
CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...
CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...
CVE-2026-42744
The CVE-2026-42744 entry concerns the WordPress Ads by WPQuads plugin (quick-adsense-reloaded) version
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
CVE-2026-42737
CVE-2026-42737 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin (≤1.8.9). The issue is an improper limitation of a pathname to a restricted directory (path traversal), enabling potential arbitrary file deletion. The CVSS 3.1 base score is 8.6 (HIGH) with Network attack, no user ...
CVE-2026-42736 WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...
CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 2.8.2...
CVE-2026-42733
Summary: CVE-2026-42733 affects the WordPress RealMag777 WPCS currency-switcher plugin (WPCS) versions up to and including 1.3.1. The issue is a DOM-based XSS caused by improper input neutralization during web page generation . Reported CVSS v3.1 metrics indicate a base score of 7.1 (HIGH) with n...
CVE-2026-42738
The CVE-2026-42738 entry concerns the WordPress Clover-based plugin Smart Online Order for Clover (clover-online-orders), affected versions up to and including 1.6.0. A stored XSS flaw arises from improper neutralization of input during web page generation, enabling malicious input to be stored a...