Cve - Vulnerabilities List

CVE-2026-57667 WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability

Sales Representative SQL Injection in Groundhogg = 4.5 versions...

CVE-2026-57665 WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...

CVE-2026-57664 WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

CVE-2026-57663 WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...

CVE-2026-57662 WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

CVE-2026-57661 WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...

5.4CVSS

CVE-2026-57660 WordPress Booking and Rental Manager plugin <= 2.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...

CVE-2026-57659 WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS

CVE-2026-57657 WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

CVE•added 25 minutes ago•10 views

CVE-2026-57658 WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability

Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...

9.1CVSS

CVE-2026-57656 WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...

5.9CVSS

CVE-2026-57654 WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability

Affiliate Broken Access Control in Affiliates Manager = 2.9.49 versions...

CVE-2026-57655 WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS

CVE-2026-57653 WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

Contributor SQL Injection in WP Job Portal = 2.5.2 versions...

CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

CVE-2026-57651 WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

CVE-2026-57650 WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Magazine Blocks = 1.8.3 versions...

CVE-2026-57648 WordPress Nelio Content plugin <= 4.3.4 - Broken Access Control vulnerability

Contributor Broken Access Control in Nelio Content = 4.3.4 versions...

CVE-2026-57649 WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

CVE-2026-57646 WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

5.4CVSS

CVE-2026-57647 WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

7.5CVSS

CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...

8.1CVSS

CVE-2026-57644 WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...

CVE-2026-57643 WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

Contributor SQL Injection in WP Post Author = 3.9.1 versions...

CVE-2026-57642 WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Gallery = 4.7.8 versions...

CVE-2026-57640 WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability

Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...

CVE-2026-57641 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...

CVE-2026-57638 WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...

CVE•added 25 minutes ago•14 views

CVE-2026-57636 WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

CVE-2026-57637 WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

CVE-2026-57635 WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...

CVE-2026-57633 WordPress WCBoost – Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...

CVE-2026-57634 WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability

Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...

CVE-2026-57632 WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...

5.4CVSS

CVE-2026-57631 WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability

Administrator SQL Injection in Popup box = 6.0.1 versions...

7.6CVSS

CVE-2026-57630 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...

CVE-2026-57629 WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in StatCounter = 2.1.1 versions...

CVE-2026-57627 WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...

4.9CVSS

CVE-2026-57628 WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS

CVE-2026-57622 WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPCafe = 3.0.14 versions...

CVE-2026-57617 WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in SeedProd Pro 6.19.5 versions...

CVE-2026-57618 WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in Neve PRO = 3.1.2 versions...

CVE-2026-57431 WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

CVE-2026-57325 WordPress NanoMag theme <= 1.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in NanoMag = 1.8 versions...

CVE-2026-57430 WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability

Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...

CVE-2026-57324 WordPress GIFT4U plugin <= 1.0.10 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in GIFT4U = 1.0.10 versions...

CVE-2026-57323 WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...

5.8CVSS

CVE-2026-57322 WordPress weMail plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in weMail = 2.1.2 versions...

CVE•added 25 minutes ago•2 views

CVE-2026-57319 WordPress FOX plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in FOX = 1.4.8 versions...

CVE•added 25 minutes ago•2 views

CVE-2026-57321 WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...