CVE-2026-42662 WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Event Tickets = 5.27.5 versions...

CVE-2026-42661 WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area = 8.3.4 versions...

CVE-2026-42659 WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerability

Subscriber Broken Access Control in Advanced Form Integration = 1.126.12 versions...

CVE-2026-42660 WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

CVE-2026-42658 WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.3.8 versions...

CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...

CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...

CVE-2026-42651 WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing = 5.3.9 versions...

CVE-2026-42650 WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.6.7 versions...

CVE-2026-42649 WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Favicon Rotator = 1.2.11 versions...

CVE-2026-42640 WordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Classified Listing = 5.3.8 versions...

CVE-2026-42639 WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...

CVE-2026-42386 WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...

CVE-2026-42411 WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CloudSecure WP Security = 1.4.7 versions...

CVE-2026-42384 WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

CVE-2026-42381 WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...

CVE-2026-42378 WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability

Subscriber Broken Authentication in WP Full Stripe Free = 8.4.1 versions...

CVE-2026-41556 WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in ProfilePress = 4.16.13 versions...

CVE-2026-40798 WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...

CVE-2026-40799 WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile = 1.38.0 versions...

CVE-2026-40796 WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in WPPizza = 3.19.9 versions...

CVE-2026-40794 WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in myCred = 3.0.3 versions...

CVE-2026-40795 WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in Amelia = 2.2 versions...

CVE-2026-40793 WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Groundhogg 4.4.1 versions...

CVE-2026-40791 WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Time Slots Booking Form = 1.2.46 versions...

CVE-2026-40792 WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...

CVE-2026-40790 WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

CVE-2026-40789 WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...

CVE-2026-40788 WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...

CVE-2026-40782 WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WPAdverts = 2.3.0 versions...

CVE-2026-40785 WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability

Subscriber Broken Authentication in AutomatorWP = 5.6.7 versions...

CVE-2026-40781 WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in ReviewX = 2.3.6 versions...

CVE-2026-40776 WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.8 versions...

CVE-2026-40779 WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Link Library = 7.8.8 versions...

CVE-2026-40775 WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Royal MCP = 1.4.2 versions...

CVE-2026-40774 WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package = 1.7.06 versions...

CVE-2026-40773 WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

CVE-2026-40772 WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...

CVE-2026-40771 WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

CVE-2026-40770 WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Coupon Affiliates = 7.5.3 versions...

CVE-2026-40769 WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field plugin <= 1.0.6 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...

CVE-2026-40767 WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...

CVE-2026-40766 WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

CVE-2026-40743 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...

CVE-2026-40762 WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

CVE-2026-40732 WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...

CVE-2026-40727 WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...