CVE-2026-48713
CVE-2026-48713 affects i18next-fs-backend prior to 2.6.6. The issue arises when crafted missing-key strings are persisted via missingKeyHandler, where Backend.writeFile() splits keys on keySeparator and the path walker could reach Object.prototype (e.g., a key like "__proto__.polluted"), allowing pr...
CVE-2026-52703
The CVE-2026-52703 entry concerns WordPress plugin FastDup (versions ≤ 2.7.2) with an unauthenticated path traversal vulnerability. The issue arises in the FastDup code path that allows traversal of the file system without authentication, enabling access to restricted files. Connected sources con...
CVE-2026-52702
CVE-2026-52702 affects the WordPress plugin “SEO Redirection” (versions ≤ 9.17). The vulnerability is an unauthenticated Cross Site Scripting (XSS) flaw reported in multiple sources. The connected documents identify the affected product and version range and confirm an XSS impact but do not provi...
CVE-2026-52700
WordPress plugin WCMultiShipping (versions
CVE-2026-52699
Summary: CVE-2026-52699 affects the WordPress VikRentCar plugin, versions
CVE-2026-52697
CVE-2026-52697 affects the WordPress Taskbuilder plugin (versions <= 5.0.7). The vulnerability is an SQL Injection in the Taskbuilder component, with CVSSv3.1 metrics indicating a high-severity issue (8.5) that is network-exploitable, requires low privileges, and does not require user interact...
CVE-2026-52695
CVE-2026-52695 affects the WordPress plugin ABC Crypto Checkout (versions
CVE-2026-52694
CVE-2026-52694 concerns the WordPress Signature Add-On for WooCommerce plugin, affected versions
CVE-2026-52692
Affected software: WordPress Affiliates Manager plugin (WordPress)
CVE-2026-52693
The CVE-2026-52693 entry concerns the WordPress plugin “eCommerce Product Catalog” (versions
CVE-2026-49781
The CVE-2026-49781 entry describes an unauthenticated PHP Object Injection in the WordPress OttoKit plugin, affected versions
CVE-2026-49780
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-49776
CVE-2026-49776 concerns the WordPress GPTranslate plugin, affected versions
CVE-2026-49775
CVE-2026-49775 affects WordPress Welcart e-Commerce plugin versions
CVE-2026-49770
CVE-2026-49770 affects the WordPress WP Travel Engine plugin (
CVE-2026-49773
CVE-2026-49773 refers to a Cross Site Scripting (XSS) vulnerability in WordPress FV Flowplayer Video Player plugin versions earlier than 7.5.51.7212. The vulnerability is described as a Subscriber XSS issue; CVSS v3.1 base score is 6.5 (MEDIUM) with network attack vector, required user interactio...
CVE-2026-49769
CVE-2026-49769 describes an unauthenticated PHP Object Injection flaw in the WordPress plugin wpForo Forum, versions up to 3.1.0. The vulnerability is caused by insecure object deserialization in the plugin and is exploitable without authentication, potentially impacting confidentiality, integrit...
CVE-2026-49768
CVE-2026-49768 affects the WordPress plugin Happyforms (versions ≤ 1.26.13). The vulnerability is an unauthenticated PHP Object Injection in Happyforms, caused by an unsafe object deserialization path. Impact is described as high for confidentiality, integrity, and availability, with a CVSS 3.1 b...
CVE-2026-49766
CVE-2026-49766 affects the WordPress plugin WP User Manager (versions ≤ 2.9.16). The vulnerability is described as an Arbitrary File Deletion issue reported for subscribers. The available metrics indicate a CRITICAL impact (CVSS 3.1: 9.9; NETWORK attack vector; LOW privileges required; no user in...
CVE-2026-49765
The CVE-2026-49765 entry concerns the WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin (versions <= 1.1.8). The connected sources confirm unauthenticated PHP Object Injection as the vulnerability, with a CVSS 3.1 base score of 9.8 (CRITICAL) and im...
CVE-2026-49764
CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...
CVE-2026-49763
CVE-2026-49763 concerns the WordPress plugin “WordPress Integration for Contact Form 7 HubSpot” (versions
CVE-2026-49110
The CVE-2026-49110 entry concerns the WordPress plugin Upsell Order Bump Offer for WooCommerce, affected in versions <= 3.1.4. It describes an Unauthenticated Broken Authentication vulnerability enabling price manipulation in Upsell Order Bump offers. CVSSv3.1 metrics indicate Network attack v...
CVE-2026-49112
CVE-2026-49112: Unauthenticated Path Traversal in WordPress Shared Files plugin
CVE-2026-49109
CVE-2026-49109 concerns the WordPress plugin set “Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions
CVE-2026-49105
CVE-2026-49105 concerns the WordPress plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms, with affected versions
CVE-2026-49106
The CVE-2026-49106 entry concerns the WordPress plugin “Integration for Contact Form 7 and Constant Contact” (versions ≤ 1.1.6). The vulnerability is an unauthenticated PHP Object Injection in that integration, enabling an attacker to potentially manipulate PHP objects without authentication. The...
CVE-2026-49104
CVE-2026-49104 affects the WordPress plugin “Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions
CVE-2026-49085
CVE-2026-49085 affects the WP Insightly plugin for WordPress when used with Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms (versions
CVE-2026-49083
Summary: CVE-2026-49083 affects the WordPress LatePoint plugin and is a privilege-escalation vulnerability in versions ≤ 5.5.1. What’s affected: WordPress LatePoint plugin (versions up to and including 5.5.1). Impact (as per provided metrics): CVSS 3.1 base score 7.5 (High), with network attack v...
CVE-2026-49082
CVE-2026-49082 affects the WordPress plugin Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons (versions ≤ 1.4.8). The connected sources describe a Sensitive Data Exposure vulnerability in this plugin, with CVSSv3.1 base score 7.4 (HIGH) and network a...
CVE-2026-49070
CVE-2026-49070 affects the WordPress Knit Pay plugin (versions
CVE-2026-49078
Technical details for CVE-2026-49078 are not publicly available in the provided documents. Monitor updates from Patchstack/CVE entries for affected version 6.7.10 and potential fixes.
CVE-2026-49068
The CVE concerns the WordPress Coupon Affiliates plugin (versions
CVE-2026-49067
CVE-2026-49067: Unauthenticated SQL injection affecting the WordPress plugin “Advanced 301 and 302 Redirect” (versions
CVE-2026-49066
CVE-2026-49066: Unauthenticated sensitive data exposure in the WordPress plugin Conekta Payment Gateway (versions
CVE-2026-49065
The CVE applies to WordPress Hippoo Mobile App for WooCommerce plugin versions
CVE-2026-49063
The CVE-2026-49063 entry concerns the WordPress Listdom plugin, versions up to 5.5.0, with an Unauthenticated Privilege Escalation vulnerability. The connected documents confirm the affected product (Listdom), the vulnerable versions (
CVE-2026-49061
CVE-2026-49061: Unauthenticated arbitrary file download in the WordPress plugin WPC Product Options for WooCommerce (versions
CVE-2026-49056
CVE-2026-49056 concerns the WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin, versions
CVE-2026-49043
The CVE-2026-49043 entry concerns the WordPress WP Migrate Lite plugin, versions <= 2.7.8, with an unauthenticated Cross Site Request Forgery (CSRF) vulnerability. According to the connected data, the issue is attributed to CSRF within WP Migrate Lite (
CVE-2026-49055
WordPress plugin Drag and Drop Multiple File Upload – Contact Form 7 (versions
CVE-2026-48970
The CVE affects the WordPress Really Simple SSL plugin (versions
CVE-2026-48966
The CVE concerns the WordPress Funnel Builder by FunnelKit plugin (versions
CVE-2026-48965
The CVE-2026-48965 entry concerns the WordPress XCloner plugin (versions
CVE-2026-48964
CVE-2026-48964 affects the WordPress ELEX HelpDesk & Customer Ticketing System plugin (versions
CVE-2026-48887
CVE-2026-48887 affects the WordPress JS Help Desk plugin ≤ 3.0.9 with an unauthenticated Broken Access Control flaw. Documents note unauthorized access control weakness but do not provide root cause details or a stated remediation; Patchstack is cited as the source. Exploitation status is not des...
CVE-2026-48889
The CVE-2026-48889 entry concerns the WordPress Amelia plugin (versions <= 2.3) with a privilege escalation vulnerability affecting subscribers. The attached metrics indicate a high severity (CVSS v3.1 base score 8.8) with network attack vector, low attack complexity, and privileges required a...
CVE-2026-48886
The CVE-2026-48886 entry describes an unauthenticated SQL Injection in WordPress JS Help Desk plugin versions
CVE-2026-48885
CVE-2026-48885 concerns a Cross-Site Scripting (XSS) vulnerability in the WordPress HollerBox plugin for versions ≤ 2.3.10.1. The issue is described as unauthenticated XSS. The Patchstack entry assigns a CVSS v3.1 base score of 7.1 (HIGH), with network attack vector, no privileges required, user ...