364882 matches found
CVE-2026-39597 WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
CVE-2026-39596 WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
CVE-2026-39595 WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-39589 WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...
CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2026-39582 WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...
CVE-2026-39558 WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Malmö = 2.2 versions...
CVE-2026-39546 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...
CVE-2026-39545 WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...
CVE-2026-39537 WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...
CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...
CVE-2026-27410 WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerability
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
CVE-2026-27400 WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...
CVE-2026-27041 WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability
Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...
CVE-2026-25446 WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...
CVE-2026-24611 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in MetForm Pro = 3.9.1 versions...
CVE-2026-25439 WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability
Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...
CVE-2026-24610 WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MetForm Pro = 3.9.1 versions...
CVE-2026-24575 WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in WishList Member X = 3.29.0 versions...
CVE-2026-22343 WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WordPress Dating Theme = 11.2.0 versions...
CVE-2026-22342 WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability
Unauthenticated Cross Site Request Forgery CSRF in WordPress Dating Theme = 11.2.0 versions...
CVE-2026-22340 WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPJobster = 6.3.5 versions...
CVE-2026-22339 WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...
CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...
CVE-2026-22334 WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability
Subscriber Arbitrary File Download in Woocommerce Book Price = 1.3 versions...
CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...
CVE-2026-22332 WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro = 3.9.6 versions...
CVE-2026-22331 WordPress AutoParts theme <= 1.5.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...
CVE-2026-22330 WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-22329 WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Skillate = 1.2.10 versions...
CVE-2026-22328 WordPress Auto Repair theme <= 22.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...
CVE-2026-22327 WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...
CVE-2026-22326 WordPress Reprizo theme <= 1.0.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Reprizo = 1.0.8 versions...
CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...
CVE-2026-9690 WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon = 4.0.1 versions...
CVE-2025-69179 WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...
CVE-2025-69173 WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Tipsy = 1.1 versions...
CVE-2025-69172 WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Resurs = 1.3 versions...
CVE-2025-69171 WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
CVE-2025-69161 WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Snowy = 1.13 versions...
CVE-2025-69148 WordPress Quirky theme <= 1.23 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Quirky = 1.23 versions...
CVE-2025-69145 WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Gat = 1.16 versions...
CVE-2025-69138 WordPress Genemy theme <= 1.6.6 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Genemy = 1.6.6 versions...
CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...
CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
CVE-2025-69117 WordPress Ingenioso theme <= 1.14.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Ingenioso = 1.14.0 versions...
CVE-2025-69110 WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...
CVE-2025-60223 WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...
CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability
Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...
CVE-2025-60205 WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in ThemeREX Addons = 2.36.1.1 versions...