364165 matches found
CVE-2026-40787
Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...
CVE-2026-40776
Unauthenticated Broken Access Control in WP Event SOlution = 4.1.8 versions...
CVE-2026-40743
Unauthenticated Broken Access Control in Tutor LMS = 3.9.7 versions...
CVE-2026-40762
Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...
CVE-2026-40766
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
CVE-2026-40771
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
CVE-2026-40772
Unauthenticated Arbitrary File Upload in GeekyBot = 1.2.2 versions...
CVE-2026-40767
Unauthenticated Broken Access Control in wpForo Forum 3.0.2 versions...
CVE-2026-40770
Unauthenticated Cross Site Scripting XSS in Coupon Affiliates = 7.5.3 versions...
CVE-2026-40773
Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...
CVE-2026-40769
Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi Save Entries, File Upload & Country Code Field = 1.0.6 versions...
CVE-2026-39591
Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...
CVE-2026-40727
Sales Representative Arbitrary File Deletion in Groundhogg = 4.4 versions...
CVE-2026-39594
Subscriber Broken Access Control in Ultra Addons for WPForms = 1.0.11 versions...
CVE-2026-40741
Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...
CVE-2026-40732
Unauthenticated Cross Site Scripting XSS in Notification for Telegram = 3.5 versions...
CVE-2026-39583
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...
CVE-2026-39532
Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...
CVE-2026-39584
Subscriber Broken Access Control in RepairBuddy = 4.1132 versions...
CVE-2026-39540
Subscriber Cross Site Scripting XSS in Shipment Tracker for Woocommerce = 1.5.3.2 versions...
CVE-2026-39579
Contributor Privilege Escalation in B Blocks = 2.0.31 versions...
CVE-2026-39533
Unauthenticated Broken Access Control in AWP Classifieds = 4.4.4 versions...
CVE-2026-39534
Unauthenticated Broken Access Control in WP Directory Kit = 1.5.0 versions...
CVE-2026-39587
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
CVE-2026-39530
Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...
CVE-2026-39519
Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...
CVE-2026-39524
Unauthenticated Broken Access Control in Masteriyo - LMS = 2.1.5 versions...
CVE-2026-39527
Subscriber Arbitrary File Upload in WpStream 4.11.2 versions...
CVE-2026-39514
Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...
CVE-2026-39518
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
CVE-2026-39515
Subscriber Broken Access Control in Motors 1.4.107 versions...
CVE-2026-39525
Unauthenticated Broken Access Control in Booking Activities = 1.16.48.1 versions...
CVE-2026-39513
Unauthenticated Broken Access Control in Easy Appointments = 3.12.21 versions...
CVE-2026-39503
Unauthenticated Broken Access Control in Easy Digital Downloads = 3.6.5 versions...
CVE-2026-39502
Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...
CVE-2026-39498
Shop manager PHP Object Injection in YayMail = 4.3.3 versions...
CVE-2026-39507
Unauthenticated Cross Site Scripting XSS in Social Slider Feed = 2.3.2 versions...
CVE-2026-39511
Unauthenticated SQL Injection in WP Photo Album Plus = 9.1.08.001 versions...
CVE-2026-39512
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39499
Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...
CVE-2026-39492
Unauthenticated SQL Injection in WP Maps = 4.9.1 versions...
CVE-2026-39489
Author Arbitrary File Download in Download Monitor = 5.1.9 versions...
CVE-2026-39474
Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...
CVE-2026-39478
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...
CVE-2026-39480
Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...
CVE-2026-39481
Author PHP Object Injection in Modula Image Gallery = 2.14.18 versions...
CVE-2026-39491
Subscriber Cross Site Scripting XSS in JupiterX Core = 4.14.1 versions...
CVE-2026-39493
Unauthenticated SQL Injection in Simply Schedule Appointments = 1.6.9.27 versions...
CVE-2026-39468
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...
CVE-2026-39451
Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...