CVE-2026-40799
CVE-2026-40799 affects the WordPress plugin Simple Cloudflare Turnstile (versions
CVE-2026-40796
CVE-2026-40796 affects WordPress WPPizza plugin versions
CVE-2026-40795
The CVE-2026-40795 entry documents a Broken Access Control issue in the WordPress Amelia plugin, affecting versions <= 2.2. The vulnerability targets subscriber access rights, with the CVSS 3.1 base score of 6.5 (Medium), indicating potential high impact on integrity (I) and no confidentiality...
CVE-2026-40794
The CVE concerns WordPress plugin myCred ≤ 3.0.3 with a Broken Access Control vulnerability. Affected software: WordPress plugin myCred (versions up to 3.0.3). The provided sources identify the issue but do not disclose the exact root cause, affected functions/files, or concrete impact details be...
CVE-2026-40793
CVE-2026-40793 concerns the WordPress Groundhogg plugin (versions earlier than 4.4.1) with a Broken Access Control vulnerability. The public description identifies the issue as a subscriber-level access control flaw in Groundhogg < 4.4.1. The connected documents corroborate that the vulnerabil...
CVE-2026-40792
The vulnerability concerns the WordPress KiviCare plugin (versions
CVE-2026-40791
CVE-2026-40791 affects the WordPress plugin WP Time Slots Booking Form (versions
CVE-2026-40790
The CVE-2026-40790 entry concerns the WordPress WP SMS plugin, versions ≤ 7.2.1, with a Subscriber Sensitive Data Exposure vulnerability. The connected data specify a network-accessible issue with low attacker privileges, no user interaction, and high confidentiality impact (CVSS v3.1 base 6.5, M...
CVE-2026-40788
CVE-2026-40788 affects WordPress ChatBot plugin versions
CVE-2026-40789
CVE-2026-40789 affects WordPress Amelia plugin (versions
CVE-2026-40787
The vulnerability concerns the WordPress Quiz And Survey Master plugin (versions ≤ 11.0.0). It is an unauthenticated Cross Site Scripting (XSS) flaw identified in these releases. The connected sources confirm the affected product and the XSS impact but do not specify the exact root cause, vulnera...
CVE-2026-40782
CVE-2026-40782: Unauthenticated Broken Access Control in WordPress WPAdverts plugin (versions
CVE-2026-40785
CVE-2026-40785 concerns WordPress AutomatorWP plugin
CVE-2026-40781
CVE-2026-40781 affects the WordPress ReviewX plugin ≤ 2.3.6. Root cause: unauthenticated broken authentication vulnerability leading to high-severity impact (CVSSv3.1 base score 7.5; Network attack vector, no user interaction, no privileges required; integrity impact HIGH). Affected software is t...
CVE-2026-40779
CVE-2026-40779 affects the WordPress Link Library plugin, version
CVE-2026-40776
CVE-2026-40776 affects the WP Event Solution (Eventin) plugin up to version 4.1.8, where unauthenticated requests can trigger Broken Access Control. The root cause involves three permission checks that accept a wp_rest nonce as authentication, plus an IDOR-prone Order endpoint and an open seat-bo...
CVE-2026-40775
WordPress plugin Royal MCP (for the WordPress ecosystem) is affected up to version 1.4.2. The CVE describes an Unauthenticated Broken Access Control vulnerability, i.e., an attacker without credentials can access restricted functionality. The CVSS metrics (CVSS:3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:...
CVE-2026-40774
CVE-2026-40774 concerns the WordPress Booking Package plugin (versions
CVE-2026-40773
The CVE covers WordPress plugin rtMedia for WordPress, BuddyPress and bbPress, vulnerable in versions
CVE-2026-40772
CVE-2026-40772 pertains to the WordPress plugin GeekyBot (versions
CVE-2026-40771
CVE-2026-40771 affects the WordPress Contest Gallery plugin and is an unauthenticated SQL Injection vulnerability in versions
CVE-2026-40770
CVE-2026-40770 concerns the WordPress plugin Coupon Affiliates (versions
CVE-2026-40769
The CVE-2026-40769 entry concerns the WordPress plugin “Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field” (versions
CVE-2026-40767
The CVE concerns WordPress wpForo Forum plugin, affected versions before 3.0.2, showing Unauthenticated Broken Access Control. The description indicates unauthenticated access via a network vector with no user interaction, affecting confidentiality (high) while other impacts are not noted. CVSSv3...
CVE-2026-40766
CVE-2026-40766 concerns the WordPress MasterStudy LMS plugin (versions
CVE-2026-40743
CVE-2026-40743 corresponds to an Unauthenticated Broken Access Control in the WordPress Tutor LMS plugin, versions
CVE-2026-40762
The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL
CVE-2026-40741
CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; AV: Network, PR: None, ...
CVE-2026-40732
CVE-2026-40732 affects the WordPress plugin Notification for Telegram (versions ≤ 3.5). The issue is an unauthenticated Cross Site Scripting (XSS) vulnerability, with the root cause not explicitly described in the provided documents. The Patchstack entry assigns a CVSS v3.1 base score of 7.1 (HIG...
CVE-2026-40727
The CVE covers WordPress Groundhogg plugin versions ≤ 4.4, vulnerable to Arbitrary File Deletion in the Sales Representative component. The root cause details are not fully provided, but the CVSSv3.1 score is 7.7 (HIGH) with Network attack vector, low attack complexity, privilege requirement, and...
CVE-2026-39594
CVE-2026-39594 affects the WordPress plugin Ultra Addons for WPForms (versions
CVE-2026-39587
CVE-2026-39587 affects WordPress WP BASE Booking plugin versions
CVE-2026-39591
The CVE-2026-39591 entry concerns the WordPress WP-BusinessDirectory plugin up to version 4.0.0, where a Subscriber Arbitrary File Upload vulnerability is reported. Connected sources confirm the affected product and vulnerability class but do not provide exploit details or mitigation steps beyond...
CVE-2026-39584
CVE-2026-39584 documents a Broken Access Control vulnerability in the WordPress RepairBuddy plugin, affecting versions
CVE-2026-39583
The CVE-2026-39583 entry concerns WordPress plugin Datalogics Ecommerce Delivery (versions
CVE-2026-39579
CVE-2026-39579 affects the WordPress plugin B Blocks up to version 2.0.31. The vulnerability is a contributor-level privilege escalation with a high impact (CVE metrics: CVSS 3.1 base score 8.8, scope UNCHANGED, confidentiality/integrity/availability all HIGH). Affected component is the plug...
CVE-2026-39534
WP Directory Kit plugin for WordPress, versions
CVE-2026-39540
CVE-2026-39540 concerns WordPress plugin Shipment Tracker for Woocommerce (versions up to and including 1.5.3.2). The vulnerability is a Cross Site Scripting (XSS) issue in subscriber-facing context. Public sources indicate a CVSSv3.1 base score of 6.5 (Medium) with network attack vector, low att...
CVE-2026-39533
The CVE-2026-39533 entry concerns the WordPress AWP Classifieds plugin (versions
CVE-2026-39530
CVE-2026-39530 involves the WordPress plugin SpeakOut! Email Petitions, affecting versions
CVE-2026-39532
CVE-2026-39532 affects the WordPress plugin “Events Calendar for GeoDirectory” up to version 2.3.25, with a Contributor-level PHP Object Injection vulnerability. The associated CVSS v3.1 score is 8.8 (HIGH), vector: CVSS:3.1/AV:N/...
CVE-2026-39527
The CVE-2026-39527 entry concerns the WordPress WpStream plugin. Affected product: WordPress WpStream plugin versions prior to 4.11.2. Vulnerable component/behavior: Arbitrary File Upload under the Subscriber role, enabling an attacker with low privileges to upload arbitrary files. Root cause: de...
CVE-2026-39525
The CVE-2026-39525 entry documents an unauthenticated broken access control in the WordPress Booking Activities plugin, affected versions ≤ 1.16.48.1. The vulnerability allows unauthenticated actors to access or modify data via the plugin’s functionality (impact per CVSS: Confidentiality: None, I...
CVE-2026-39524
CVE-2026-39524 affects the WordPress Masteriyo LMS plugin <= 2.1.5. The vulnerability is described as Unauthenticated Broken Access Control, enabling a payment bypass without authentication. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no ...
CVE-2026-39519
CVE-2026-39519 affects the WordPress plugin GeekyBot (versions <= 1.2.0). The vulnerability is an unauthenticated SQL Injection in GeekyBot
CVE-2026-39515
The Motors plugin for WordPress, versions prior to 1.4.107, contains a Broken Access Control vulnerability that involves the Subscriber role. The issue enables unauthorized actions due to access control weaknesses in Motors
CVE-2026-39518
The CVE pertains to WordPress EventPrime plugin versions
CVE-2026-39514
The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress plugin Paid Member Subscriptions (versions up to 2.17.3). The issue is triggered via reflected input, affecting the plugin’s handling of user-supplied data and potentially enabling code execu...
CVE-2026-39513
CVE-2026-39513 affects the WordPress Easy Appointments plugin for versions up to 3.12.21, with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product, version range, and vulnerability type but do not provide exploitation details, confirmed roo...
CVE-2026-39512
The WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. It affects those plugin versions and enables network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...