365752 matches found
CVE-2026-49070
CVE-2026-49070 affects the WordPress Knit Pay plugin (versions
CVE-2026-49078
Technical details for CVE-2026-49078 are not publicly available in the provided documents. Monitor updates from Patchstack/CVE entries for affected version 6.7.10 and potential fixes.
CVE-2026-49068
The CVE concerns the WordPress Coupon Affiliates plugin (versions
CVE-2026-49067
CVE-2026-49067 : Unauthenticated SQL injection affecting the WordPress plugin “Advanced 301 and 302 Redirect” (versions
CVE-2026-49066
CVE-2026-49066 : Unauthenticated sensitive data exposure in the WordPress plugin Conekta Payment Gateway (versions
CVE-2026-49065
The CVE applies to WordPress Hippoo Mobile App for WooCommerce plugin versions
CVE-2026-49063
The CVE-2026-49063 entry concerns the WordPress Listdom plugin, versions up to 5.5.0, with an Unauthenticated Privilege Escalation vulnerability. The connected documents confirm the affected product (Listdom), the vulnerable versions (
CVE-2026-49061
CVE-2026-49061 : Unauthenticated arbitrary file download in the WordPress plugin WPC Product Options for WooCommerce (versions
CVE-2026-49056
CVE-2026-49056 concerns the WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin, versions
CVE-2026-49043
The CVE-2026-49043 entry concerns the WordPress WP Migrate Lite plugin, versions <= 2.7.8, with an unauthenticated Cross Site Request Forgery (CSRF) vulnerability. According to the connected data, the issue is attributed to CSRF within WP Migrate Lite (
CVE-2026-49055
WordPress plugin Drag and Drop Multiple File Upload – Contact Form 7 (versions
CVE-2026-48970
The CVE affects WordPress the Really Simple SSL plugin (versions
CVE-2026-48966
The CVE concerns the WordPress Funnel Builder by FunnelKit plugin (versions
CVE-2026-48965
The CVE-2026-48965 entry concerns the WordPress XCloner plugin (versions
CVE-2026-48964
CVE-2026-48964 affects the WordPress ELEX HelpDesk & Customer Ticketing System plugin (versions
CVE-2026-48887
CVE-2026-48887 affects the WordPress JS Help Desk plugin ≤ 3.0.9 with an unauthenticated Broken Access Control flaw. Documents note unauthorized access control weakness but do not provide root cause details or a stated remediation; Patchstack is cited as the source. Exploitation status is not des...
CVE-2026-48889
The CVE-2026-48889 entry concerns the WordPress Amelia plugin (versions <= 2.3) with a privilege escalation vulnerability affecting subscribers. The attached metrics indicate a high severity (CVSS v3.1 base score 8.8) with network attack vector, low attack complexity, and privileges required a...
CVE-2026-48886
The CVE-2026-48886 entry describes an unauthenticated SQL Injection in WordPress JS Help Desk plugin versions
CVE-2026-48885
CVE-2026-48885 concerns a Cross-Site Scripting (XSS) vulnerability in the WordPress HollerBox plugin for versions ≤ 2.3.10.1. The issue is described as unauthenticated XSS. The PatchStack entry assigns a CVSS v3.1 base score of 7.1 (HIGH), with network attack vector, no privileges required, user ...
CVE-2026-48883
CVE-2026-48883 concerns the WordPress plugin WPC Product Bundles for WooCommerce (versions <= 8.5.3) with an Unauthenticated Broken Access Control vulnerability. The available references indicate unauthenticated access to restricted functionality, with CVSS 3.1 base score 7.5 (HIGH) and impact...
CVE-2026-48881
Summary: CVE-2026-48881 affects the WordPress TrueBooker plugin (
CVE-2026-48882
CVE-2026-48882 is a SQL Injection vulnerability in WordPress Plugin WP Time Slots Booking Form (versions
CVE-2026-48880
WP Job Portal (WordPress) plugin
CVE-2026-48876
CVE-2026-48876 is an unauthenticated XSS in the WordPress Stop Spammers plugin (versions
CVE-2026-48878
The CVE-2026-48878 entry describes a Sensitive Data Exposure vulnerability in the WordPress Visual Link Preview plugin up to version 2.4.1. Affected software: WordPress Visual Link Preview plugin (versions
CVE-2026-48874
The CVE documents an SQL Injection in WordPress GamiPress plugin versions
CVE-2026-48872
CVE-2026-48872 relates to the WordPress WordPress EmbedPress plugin (versions
CVE-2026-48873
CVE-2026-48873 affects the WordPress plugin Montonio for WooCommerce (versions ≤ 10.1.2). The issue is Unauthenticated Broken Access Control in this plugin, allowing unauthenticated access to protected functionality (impact: high integrity impact; confidentiality/availability not affected per the...
CVE-2026-48871
The MW WP Form WordPress plugin, versions ≤ 5.1.3, has an unauthenticated Cross Site Scripting (XSS) vulnerability. The provided documents do not specify the exact vulnerable component, root cause, exploit details, or a remediation version. Exploitation status is not described. Monitor Patchstack...
CVE-2026-48870
CVE-2026-48870 affects the WordPress plugin King Addons for Elementor (versions
CVE-2026-48868
The CVE-2026-48868 entry concerns the WordPress WordPress Simple Shopping Cart plugin (versions
CVE-2026-48867
The CVE-2026-48867 entry concerns the WordPress plugin Quiz And Survey Master (versions
CVE-2026-48838
CVE-2026-48838 covers an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Post SMTP plugin, versions
CVE-2026-48836
The CVE-2026-48836 entry concerns the WordPress Easy Invoice plugin (versions ≤ 2.1.19) with an unauthenticated Remote Code Execution (RCE) vulnerability. According to connected sources, an RCE exists in Easy Invoice up to 2.1.19; the Patchstack listing notes a critical CVSS 3.1 vector (AV:N/AC:L...
CVE-2026-48835
The CVE-2026-48835 entry concerns WordPress WPForms Contact Form plugin (<= 1.10.0.4). The vulnerability is an unauthenticated Broken Access Control in the contact form feature, per Patchstack and CVE metadata. Affected software: WordPress plugin WPForms Lite (Contact Form by WPForms)
CVE-2026-45441
CVE-2026-45441 affects the WordPress WpEvently plugin up to version 5.3.3. It is described as unauthenticated, of the “Other Vulnerability Type”, with CVSSv3.1 base score 7.5 (NETWORK, LOW attack complexity, PR/NONE, I/H, UI/NONE). The provided documents do not specify the exact root cause, vulne...
CVE-2026-45439
CVE-2026-45439 is a reported unauthenticated SQL injection in the WordPress plugin “ Realtyna Organic IDX” (plugin version
CVE-2026-45437
The CVE-2026-45437 entry concerns the WordPress Product Filter Widget for Elementor plugin (versions
CVE-2026-42775
The CVE-2026-42775 issue affects the WordPress plugin AutomatorWP (versions ≤ 5.7.2). It is an unauthenticated Cross Site Scripting (XSS) vulnerability in AutomatorWP ≤ 5.7.2. The provided data lists a CVSS v3.1 base score of 7.1 (High) with network attack vector, no privileges required, and user...
CVE-2026-42752
The CVE-2026-42752 entry concerns the WordPress Stripe Payments plugin (versions up to 2.0.98). It describes an unauthenticated bypass vulnerability in Stripe Payments
CVE-2026-42743
The CVE concerns WordPress Masteriyo LMS plugin versions ≤ 2.1.8 with an Unauthenticated Broken Authentication vulnerability. Impact is described as low confidentiality and integrity (CVSS v3.1: 6.5, MEDIUM). The issue is in Masteriyo-LMS prior to or at 2.1.8, enabling access without authenticati...
CVE-2026-42688
The CVE details a Cross Site Scripting (XSS) vulnerability in WordPress Modula Image Gallery plugin, affected
CVE-2026-42687
The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...
CVE-2026-42668
CVE-2026-42668 affects WordPress plugin Email Marketing for WooCommerce by Omnisend (versions
CVE-2026-42686
WordPress EventPrime plugin
CVE-2026-42667
The CVE details an unauthenticated sensitive data exposure in the WordPress Bookly plugin, version
CVE-2026-42666
The WordPress Salon Booking System plugin versions
CVE-2026-42665
Summary (CVE-2026-42665): Unauthenticated SQL Injection in the WordPress plugin “WP Data Access” (versions
CVE-2026-42664
CVE-2026-42664 affects the WordPress plugin AI Product Search for WooCommerce – Motive Commerce Search, version
CVE-2026-42662
CVE-2026-42662 affects the WordPress Event Tickets plugin (versions