163375 matches found
CVE-2026-52700 WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability
Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...
CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...
CVE-2026-52699 WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in VikRentCar = 1.4.5 versions...
CVE-2026-52695 WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout = 1.8.2 versions...
CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
CVE-2026-52694 WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
CVE-2026-52693 WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in eCommerce Product Catalog = 3.5.5 versions...
CVE-2026-52692 WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...
CVE-2026-49781 WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in OttoKit = 1.1.27 versions...
CVE-2026-49780 WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability
Customer Privilege Escalation in Dokan = 5.0.2 versions...
CVE-2026-49776 WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites = 2.32.6 versions...
CVE-2026-49775 WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Welcart e-Commerce = 2.11.28 versions...
CVE-2026-49773 WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in FV Flowplayer Video Player 7.5.51.7212 versions...
CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Travel Engine = 6.7.12 versions...
CVE-2026-49769 WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in wpForo Forum = 3.1.0 versions...
CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...
CVE-2026-49768 WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Happyforms = 1.26.13 versions...
CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
CVE-2026-49765 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.8 versions...
CVE-2026-49763 WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot = 1.3.7 versions...
CVE-2026-49112 WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability
Unauthenticated Path Traversal in Shared Files = 1.7.64 versions...
CVE-2026-49110 WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vulnerability
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce = 3.1.4 versions...
CVE-2026-49109 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...
CVE-2026-49106 WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
CVE-2026-49104 WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...
CVE-2026-49085 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
CVE-2026-49083 WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
Contributor Privilege Escalation in LatePoint = 5.5.1 versions...
CVE-2026-49082 WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons plugin <= 1.4.8 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Chatway Live Chat AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons = 1.4.8 versions...
CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WP Travel Engine = 6.7.10 versions...
CVE-2026-49070 WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Knit Pay = 9.4.0.0 versions...
CVE-2026-49068 WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...
CVE-2026-49067 WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...
CVE-2026-49066 WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...
CVE-2026-49065 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...
CVE-2026-49063 WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...
CVE-2026-49061 WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...
CVE-2026-49056 WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels = 4.9.4 versions...
CVE-2026-49043 WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in WP Migrate Lite = 2.7.8 versions...
CVE-2026-49055 WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Drag and Drop Multiple File Upload – Contact Form 7 = 1.3.9.7 versions...
CVE-2026-48970 WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Really Simple SSL = 9.5.10 versions...
CVE-2026-48966 WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Funnel Builder by FunnelKit = 3.15.0.2 versions...
CVE-2026-48965 WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in XCloner = 4.8.6 versions...
CVE-2026-48964 WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injection vulnerability
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...
CVE-2026-48887 WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-48886 WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
CVE-2026-48885 WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...
CVE-2026-48883 WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-48882 WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability
Subscriber SQL Injection in WP Time Slots Booking Form = 1.2.50 versions...