CVE-2026-42663
CVE-2026-42663 affects WordPress plug‑in Simple Membership (versions ≤ 4.7.2). Unauthenticated Cross Site Scripting (XSS) vulnerability reported. Connected sources confirm the impact type but do not provide concrete exploit details, affected files, root cause, or remediation steps within the supp...
CVE-2026-42661
Affected software: WordPress WP Customer Area plugin
CVE-2026-42660
CVE-2026-42660 affects the WordPress Contest Gallery plugin up to version 28.1.7. The issue is described as a Sensitive Data Exposure impacting subscribers. Documents provide the vulnerability label and affected version but do not include root cause specifics, exploit details, or concrete remedi...
CVE-2026-42659
The CVE concerns WordPress plugin “Advanced Form Integration” (versions
CVE-2026-42658
The CVE-2026-42658 entry concerns the WordPress Classified Listing plugin, affected versions
CVE-2026-42657
CVE-2026-42657 affects the WordPress plugin Contest Gallery (versions ≤ 28.1.7). The entry describes an Unauthenticated Other Vulnerability Type vulnerability in these versions. The available data assign a CVSS v3.1 base score of 5.3 (Medium) with attack vector Network, no required privileges, a...
CVE-2026-42656
CVE-2026-42656 affects the WordPress Contest Gallery plugin
CVE-2026-42655
CVE-2026-42655 affects the WordPress plugin “Best Payments Plugin for WP” (versions ≤ 4.6.19). The vulnerability is an unauthenticated payment bypass (unvalidated access) in the plugin, enabling bypass without credentials. CVSS‑3.1 base score 5.9 (MEDIUM) with attack vector Network, attack comple...
CVE-2026-42650
The CVE-2026-42650 entry concerns the WordPress AutomatorWP plugin (versions
CVE-2026-42651
CVE-2026-42651 affects the WordPress Classified Listing plugin (versions
CVE-2026-42649
CVE-2026-42649 concerns the WordPress plugin Favicon Rotator (versions
CVE-2026-42640
WordPress Classified Listing plugin vulnerable to Unauthenticated Broken Access Control in versions <= 5.3.8. Affected software: WordPress Classified Listing plugin (
CVE-2026-42639
CVE-2026-42639 concerns the WordPress plugin GD Rating System (versions
CVE-2026-42386
The CVE-2026-42386 entry concerns the WordPress Order Delivery Date for WooCommerce plugin (versions
CVE-2026-42411
CVE-2026-42411 affects the WordPress CloudSecure WP Security plugin (versions
CVE-2026-42384
CVE-2026-42384 concerns the WordPress plugin “Simply Schedule Appointments” (versions prior to 1.6.11.2). The entry documents an unauthenticated, sensitive data exposure vulnerability affecting this plugin. The vulnerability is described as exposing sensitive data without authentication, with a C...
CVE-2026-42378
CVE-2026-42378 concerns the WordPress plugin WP Full Stripe Free (versions
CVE-2026-42381
CVE-2026-42381 affects WordPress Funnel Builder by FunnelKit plugin versions
CVE-2026-41556
CVE-2026-41556 concerns the WordPress ProfilePress plugin (versions <= 4.16.13) with a Cross Site Scripting (XSS) vulnerability. According to the CVE record, the issue affects ProfilePress
CVE-2026-40798
WPForo Forum plugin for WordPress <= 3.0.4 is affected by an unauthenticated SQL injection vulnerability. The CVE entry cites unauthenticated SQL Injection in wpForo Forum <= 3.0.4, with CVSSv3.1 base score 9.3 (CRITICAL) and impact TIC: Confidentiality High, Availability Low, no privileges...
CVE-2026-40799
CVE-2026-40799 affects the WordPress plugin Simple Cloudflare Turnstile (versions
CVE-2026-40796
CVE-2026-40796 affects WordPress WPPizza plugin versions
CVE-2026-40794
The CVE concerns WordPress plugin myCred ≤ 3.0.3 with a Broken Access Control vulnerability. Affected software: WordPress plugin myCred (versions up to 3.0.3). The provided sources identify the issue but do not disclose the exact root cause, affected functions/files, or concrete impact details be...
CVE-2026-40795
The CVE-2026-40795 entry documents a Broken Access Control issue in the WordPress Amelia plugin, affecting versions <= 2.2. The vulnerability targets subscriber access rights, with the CVSS 3.1 base score of 6.5 (Medium), indicating potential high impact on integrity (I) and no confidentiality...
CVE-2026-40793
CVE-2026-40793 concerns the WordPress Groundhogg plugin (versions earlier than 4.4.1) with a Broken Access Control vulnerability. The public description identifies the issue as a subscriber-level access control flaw in Groundhogg < 4.4.1. The connected documents corroborate that the vulnerabil...
CVE-2026-40791
CVE-2026-40791 affects the WordPress plugin WP Time Slots Booking Form (versions
CVE-2026-40792
The vulnerability concerns the WordPress KiviCare plugin (versions
CVE-2026-40790
The CVE-2026-40790 entry concerns the WordPress WP SMS plugin, versions ≤ 7.2.1, with a Subscriber Sensitive Data Exposure vulnerability. The connected data specify a network-accessible issue with low attacker privileges, no user interaction, and high confidentiality impact (CVSS v3.1 base 6.5, M...
CVE-2026-40788
CVE-2026-40788 affects WordPress ChatBot plugin versions
CVE-2026-40789
CVE-2026-40789 affects WordPress Amelia plugin (versions
CVE-2026-40787
The vulnerability concerns the WordPress Quiz And Survey Master plugin (versions ≤ 11.0.0). It is an unauthenticated Cross Site Scripting (XSS) flaw identified in these releases. The connected sources confirm the affected product and the XSS impact but do not specify the exact root cause, vulnera...
CVE-2026-40785
CVE-2026-40785 concerns WordPress AutomatorWP plugin
CVE-2026-40782
CVE-2026-40782: Unauthenticated Broken Access Control in WordPress WPAdverts plugin (versions
CVE-2026-40781
CVE-2026-40781 affects the WordPress ReviewX plugin ≤ 2.3.6. Root cause: unauthenticated broken authentication vulnerability leading to high-severity impact (CVSSv3.1 base score 7.5; Network attack vector, no user interaction, no privileges required; integrity impact HIGH). Affected software is t...
CVE-2026-40779
CVE-2026-40779 affects the WordPress Link Library plugin, version
CVE-2026-40776
CVE-2026-40776 affects the WP Event Solution (Eventin) plugin up to version 4.1.8, where unauthenticated requests can trigger Broken Access Control. The root cause involves three permission checks that accept a wp_rest nonce as authentication, plus an IDOR-prone Order endpoint and an open seat-bo...
CVE-2026-40775
WordPress plugin Royal MCP (for the WordPress ecosystem) is affected up to version 1.4.2. The CVE describes an Unauthenticated Broken Access Control vulnerability, i.e., an attacker without credentials can access restricted functionality. The CVSS metrics (CVSS:3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:...
CVE-2026-40774
CVE-2026-40774 concerns the WordPress Booking Package plugin (versions
CVE-2026-40773
The CVE covers WordPress plugin rtMedia for WordPress, BuddyPress and bbPress, vulnerable in versions
CVE-2026-40772
CVE-2026-40772 pertains to the WordPress plugin GeekyBot (versions
CVE-2026-40771
CVE-2026-40771 affects the WordPress Contest Gallery plugin and is an unauthenticated SQL Injection vulnerability in versions
CVE-2026-40770
CVE-2026-40770 concerns the WordPress plugin Coupon Affiliates (versions
CVE-2026-40769
The CVE-2026-40769 entry concerns the WordPress plugin “Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field” (versions
CVE-2026-40767
The CVE concerns WordPress wpForo Forum plugin, affected versions before 3.0.2, showing Unauthenticated Broken Access Control. The description indicates unauthenticated access via a network vector with no user interaction, affecting confidentiality (high) while other impacts are not noted. CVSSv3...
CVE-2026-40766
CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions
CVE-2026-40743
CVE-2026-40743 corresponds to an Unauthenticated Broken Access Control in the WordPress Tutor LMS plugin, versions
CVE-2026-40762
The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL
CVE-2026-40741
CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...
CVE-2026-40727
The CVE covers WordPress Groundhogg plugin versions ≤ 4.4, vulnerable to Arbitrary File Deletion in the Sales Representative component. The root cause details are not fully provided, but the CVSSv3.1 score is 7.7 (HIGH) with Network attack vector, low attack complexity, privilege requirement, and...
CVE-2026-40732
CVE-2026-40732 affects the WordPress plugin Notification for Telegram (versions ≤ 3.5). The issue is an unauthenticated Cross Site Scripting (XSS) vulnerability, with the root cause not explicitly described in the provided documents. The Patchstack entry assigns a CVSS v3.1 base score of 7.1 (HIG...