363761 matches found
CVE-2026-57638
Contributor Cross Site Scripting XSS in Fluent Booking = 2.1.0 versions...
CVE-2026-57640
Subscriber Broken Access Control in MasterStudy LMS = 3.7.30 versions...
CVE-2026-57637
Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...
CVE-2026-57635
Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...
CVE-2026-57642
Contributor SQL Injection in Gallery = 4.7.8 versions...
CVE-2026-57631
Administrator SQL Injection in Popup box = 6.0.1 versions...
CVE-2026-57632
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...
CVE-2026-57630
Unauthenticated Insecure Direct Object References IDOR in Blocksy Companion Pro = 2.1.46 versions...
CVE-2026-57633
Unauthenticated Sensitive Data Exposure in WCBoost Products Compare = 1.1.0 versions...
CVE-2026-57628
Administrator SQL Injection in WP All Import = 4.0.1 versions...
CVE-2026-57627
Subscriber Server Side Request Forgery SSRF in Kirki = 6.0.11 versions...
CVE-2026-57634
Contributor Insecure Direct Object References IDOR in PPWP = 1.9.19 versions...
CVE-2026-57629
Contributor Cross Site Scripting XSS in StatCounter = 2.1.1 versions...
CVE-2026-57617
Contributor Cross Site Scripting XSS in SeedProd Pro 6.19.5 versions...
CVE-2026-57622
Subscriber Broken Access Control in WPCafe = 3.0.14 versions...
CVE-2026-57618
Contributor Cross Site Scripting XSS in Neve PRO = 3.1.2 versions...
CVE-2026-57430
Contributor Broken Access Control in SEOPress PRO = 9.1.1 versions...
CVE-2026-57325
Unauthenticated Cross Site Scripting XSS in NanoMag = 1.8 versions...
CVE-2026-57527
Zed Attack Proxy ZAP ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...
CVE-2026-57324
Unauthenticated Broken Access Control in GIFT4U = 1.0.10 versions...
CVE-2026-57431
Author Cross Site Scripting XSS in Featured Image = 2.1 versions...
CVE-2026-57319
Unauthenticated Cross Site Scripting XSS in FOX = 1.4.8 versions...
CVE-2026-57316
Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...
CVE-2026-57322
Unauthenticated Cross Site Scripting XSS in weMail = 2.1.2 versions...
CVE-2026-57323
Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...
CVE-2026-57317
Unauthenticated Cross Site Scripting XSS in Simply Schedule Appointments = 1.6.12.2 versions...
CVE-2026-57315
Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.45 versions...
CVE-2026-57318
Subscriber Sensitive Data Exposure in Site Reviews = 8.0.11 versions...
CVE-2026-57321
Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...
CVE-2026-57314
Unauthenticated Cross Site Scripting XSS in SureCart = 4.3.2 versions...
CVE-2026-57313
Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...
CVE-2026-56072
Unauthenticated Cross Site Scripting XSS in WoodMart = 8.5.3 versions...
CVE-2026-57312
Unauthenticated Cross Site Scripting XSS in Everest Forms = 3.4.8 versions...
CVE-2026-56773
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...
CVE-2026-56069
Unauthenticated Insecure Direct Object References IDOR in Toolset Forms = 2.6.24 versions...
CVE-2026-56070
Unauthenticated SQL Injection in Advance Product Search = 1.4.4 versions...
CVE-2026-56067
Unauthenticated SQL Injection in JetSmartFilters = 3.8.3 versions...
CVE-2026-56068
Unauthenticated SQL Injection in JetEngine = 3.8.10.2 versions...
CVE-2026-56057
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
CVE-2026-56060
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...
CVE-2026-56066
Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...
CVE-2026-56058
Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...
CVE-2026-56059
Subscriber Arbitrary File Upload in Travel Booking = 2.2.5 versions...
CVE-2026-56062
Unauthenticated SQL Injection in Quotes llama = 3.1.5 versions...
CVE-2026-56064
Subscriber SQL Injection in Tourfic = 2.22.5 versions...
CVE-2026-56063
Unauthenticated Broken Access Control in MailChimp Block = 1.1.15 versions...
CVE-2026-56061
Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...
CVE-2026-56043
Unauthenticated Cross Site Scripting XSS in Customer Reviews for WooCommerce = 5.110.1 versions...
CVE-2026-56046
Subscriber Cross Site Scripting XSS in ListingPro = 2.9.11 versions...
CVE-2026-56045
Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...