CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49104 WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

CVE-2026-49083 WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability

Contributor Privilege Escalation in LatePoint = 5.5.1 versions...

CVE-2026-49085 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49082 WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...

CVE-2026-49070 WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...

CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...

CVE-2026-49068 WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...

CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

CVE-2026-49067 WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

CVE-2026-49061 WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-49063 WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...

CVE-2026-49056 WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels = 4.9.4 versions...

CVE-2026-49055 WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Drag and Drop Multiple File Upload – Contact Form 7 = 1.3.9.7 versions...

CVE-2026-49043 WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...

CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...

CVE-2026-48965 WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in XCloner = 4.8.6 versions...

CVE-2026-48966 WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Funnel Builder by FunnelKit = 3.15.0.2 versions...

CVE-2026-48964 WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...

CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Amelia = 2.3 versions...

CVE-2026-48887 WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...

CVE-2026-48886 WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

CVE-2026-48883 WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

CVE-2026-48885 WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

CVE-2026-48881 WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in TrueBooker = 1.1.9 versions...

CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...

CVE-2026-48880 WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...

CVE-2026-48878 WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.4.1 versions...

CVE-2026-48876 WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Stop Spammers = 2026.3 versions...

CVE-2026-48874 WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

CVE-2026-48873 WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Montonio for WooCommerce = 10.1.2 versions...

CVE-2026-48872 WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

CVE-2026-48871 WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MW WP Form = 5.1.3 versions...

CVE-2026-48868 WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

CVE-2026-48870 WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in King Addons for Elementor = 51.1.62 versions...

CVE-2026-48867 WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.1.2 versions...

CVE-2026-48836 WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution RCE in Easy Invoice = 2.1.19 versions...

CVE-2026-48838 WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

CVE-2026-48835 WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Contact Form by WPForms = 1.10.0.4 versions...

CVE-2026-45439 WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability

Unauthenticated SQL Injection in Realtyna Organic IDX plugin = 5.1.0 versions...

CVE-2026-45441 WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

CVE-2026-45437 WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Product Filter Widget for Elementor = 1.0.6 versions...

CVE-2026-42775 WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...

CVE-2026-42752 WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Stripe Payments = 2.0.98 versions...

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

CVE-2026-42688 WordPress Modula Image Gallery plugin <= 2.14.23 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Modula Image Gallery = 2.14.23 versions...

CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

CVE-2026-42686 WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...

CVE-2026-42668 WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...