162349 matches found
CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-54196 WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...
CVE-2026-54192 WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Popup box = 6.2.9 versions...
CVE-2026-54189 WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...
CVE-2026-54186 WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in JobSearch = 3.2.9 versions...
CVE-2026-54187 WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine = 3.8.10.1 versions...
CVE-2026-54184 WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...
CVE-2026-52706 WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in JetEngine = 3.8.10 versions...
CVE-2026-52698 WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin <= 4.2.3 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...
CVE-2026-52696 WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in JetBlog = 2.4.8 versions...
CVE-2026-49084 WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine 3.8.9.1 versions...
CVE-2026-49081 WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.12 versions...
CVE-2026-49079 WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSearch = 3.5.17 versions...
CVE-2026-49075 WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability
Contributor PHP Object Injection in JetEngine = 3.8.9.1 versions...
CVE-2026-49074 WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.9.1 versions...
CVE-2026-49072 WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud = 7.2.6 versions...
CVE-2026-49071 WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...
CVE-2026-49058 WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...
CVE-2026-48875 WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSmartFilters = 3.8.1 versions...
CVE-2026-45436 WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in WPBakery Page Builder = 8.7.2 versions...
CVE-2026-42629 WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in PowerPack Pro for Elementor v2.13.0 versions...
CVE-2026-42385 WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Profile Builder Pro = 3.15.0 versions...
CVE-2026-42380 WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in AI Lab 5.4.2 versions...
CVE-2026-41557 WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Kapee 1.7.1 versions...
CVE-2026-40783 WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution RCE in Blocksy Companion Pro = 2.1.37 versions...
CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Salon booking system = 10.30.24 versions...
CVE-2026-40765 WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in collectchat = 2.4.9 versions...
CVE-2026-40753 WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EasyMeals = 1.5.1 versions...
CVE-2026-40749 WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...
CVE-2026-40748 WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...
CVE-2026-40747 WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
CVE-2026-40746 WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...
CVE-2026-40735 WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Reina = 2.1 versions...
CVE-2026-40731 WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...
CVE-2026-40726 WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
CVE-2026-40725 WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WooCommerce Product Filters 2.0.6 versions...
CVE-2026-40724 WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability
CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...
CVE-2026-40723 WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
CVE-2026-40721 WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...
CVE-2026-39597 WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WPZOOM Addons for Elementor = 1.3.4 versions...
CVE-2026-39596 WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability
Unauthenticated SQL Injection in Blocksy Companion Pro 2.1.29 versions...
CVE-2026-39595 WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability
Author Broken Access Control in W3 Total Cache = 2.9.1 versions...
CVE-2026-39589 WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...
CVE-2026-39582 WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...
CVE-2026-39573 WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...
CVE-2026-39558 WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Malmö = 2.2 versions...
CVE-2026-39546 WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...
CVE-2026-39545 WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zermatt = 1.6.1 versions...
CVE-2026-39537 WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Mikado Core = 1.6 versions...
CVE-2026-34888 WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bricksforge = 3.1.8.4 versions...