264402 matches found
CVE-2026-42751 WordPress Booking Manager plugin <= 2.1.18 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through = 2.1.18...
CVE-2026-42751
The CVE-2026-42751 entry concerns the WordPress Booking Manager plugin by wpdevelop, affected in versions up to 2.1.18. The vulnerability is due to improper neutralization of input during web page generation, enabling a Stored XSS vulnerability in the Booking Manager component. The available conn...
CVE-2026-42748 WordPress WPify Woo Czech plugin <= 5.4.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...
CVE-2026-42744
The CVE-2026-42744 entry concerns the WordPress Ads by WPQuads plugin (quick-adsense-reloaded) version
CVE-2026-42740 WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through = 1.0.3...
CVE-2026-42756
CVE-2026-42756 affects the WordPress QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly plugin up to version 3.2.7. It is an improper pathname limitation (path traversal) vulnerability in QuickWebP that can lead to arbitrary file deletion. Exploitation details are not provided i...
CVE-2026-42737
CVE-2026-42737 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin (≤1.8.9). The issue is an improper limitation of a pathname to a restricted directory (path traversal), enabling potential arbitrary file deletion. The CVSS 3.1 base score is 8.6 (HIGH) with Network attack, no user ...
CVE-2026-42736 WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...
CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 2.8.2...
CVE-2026-42733
Summary: CVE-2026-42733 affects the WordPress RealMag777 WPCS currency-switcher plugin (WPCS) versions up to and including 1.3.1. The issue is a DOM-based XSS caused by improper input neutralization during web page generation . Reported CVSS v3.1 metrics indicate a base score of 7.1 (HIGH) with n...
CVE-2026-42738
The CVE-2026-42738 entry concerns the WordPress Clover-based plugin Smart Online Order for Clover (clover-online-orders), affected versions up to and including 1.6.0. A stored XSS flaw arises from improper neutralization of input during web page generation, enabling malicious input to be stored a...
CVE-2026-42737 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.9 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...
CVE-2026-42736
BP Better Messages WordPress plugin ≤ 2.14.16 is affected by an Insecure Direct Object Reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key due to misconfigured access controls. Affected component: BP Better Messages plugin for WordPress; root cause: impro...
CVE-2026-42738 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...
CVE-2026-42735 WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
CVE-2026-42733 WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through = 1.3.1...
CVE-2026-42725 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...
CVE-2026-42728 WordPress HT Contact Form 7 plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through = 2.8.2...
CVE-2026-42730 WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through = 3.7.29...
CVE-2026-42738 WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through = 1.6.0...