161068 matches found
CVE-2026-57760 WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29...
CVE-2026-57678 WordPress Slider Revolution plugin 7.0.0-7.0.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16...
CVE-2026-56037 WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3...
CVE-2026-57766 WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
Contributor SQL Injection in WP EasyCart = 5.9.0 versions...
CVE-2026-57764 WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...
CVE-2026-57763 WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Structured Content = 1.7.0 versions...
CVE-2026-57762 WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting XSS in Simple URLs = 151 versions...
CVE-2026-57759 WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
CVE-2026-57761 WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability
Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...
CVE-2026-57758 WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
CVE-2026-57757 WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...
CVE-2026-57756 WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability
Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...
CVE-2026-57754 WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Livemesh Addons for WPBakery Page Builder = 3.9.4 versions...
CVE-2026-57755 WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in Mosaic Gallery Advanced Gallery = 1.2.0 versions...
CVE-2026-57753 WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...
CVE-2026-57752 WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability
Contributor SQL Injection in iNET Webkit 1.2.4 versions...
CVE-2026-57751 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...
CVE-2026-57750 WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in ez Form Calculator Premium = 2.14.1.2 versions...
CVE-2026-57749 WordPress SportsPress Pro plugin <= 2.7.29 - Local File Inclusion vulnerability
Contributor Local File Inclusion in SportsPress Pro = 2.7.29 versions...
CVE-2026-57748 WordPress Shopify plugin <= 1.0.0 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Shopify = 1.0.0 versions...
CVE-2026-57746 WordPress Booked plugin <= 3.0.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Booked = 3.0.0 versions...
CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...
CVE-2026-57731 WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Contributor Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57730 WordPress Flatsome theme <= 3.20.5 - Broken Access Control vulnerability
Subscriber Broken Access Control in Flatsome = 3.20.5 versions...
CVE-2026-57690 WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
CVE-2026-57689 WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
CVE-2026-57688 WordPress POS Entegratör plugin <= 3.7.103 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in POS Entegratör = 3.7.103 versions...
CVE-2026-57687 WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability
Contributor SQL Injection in Custom Field Template = 2.7.8 versions...
CVE-2026-57686 WordPress WowAddons plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WowAddons = 1.6.14 versions...
CVE-2026-57685 WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
CVE-2026-57684 WordPress TheFox theme <= 3.9.70 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in TheFox = 3.9.70 versions...
CVE-2026-57683 WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Fast Total Search = 1.80.280 versions...
CVE-2026-57682 WordPress Simple Link Directory plugin <= 15.0.5 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Simple Link Directory = 15.0.5 versions...
CVE-2026-57681 WordPress GeoDirectory plugin <= 2.8.161 - Server Side Request Forgery (SSRF) vulnerability
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
CVE-2026-57680 WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Kirki = 6.0.11 versions...
CVE-2026-57679 WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeekyBot = 1.2.5 versions...
CVE-2026-57677 WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...
CVE-2026-57675 WordPress WP Photo Album Plus plugin <= 9.2.02.004 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Photo Album Plus = 9.2.02.004 versions...
CVE-2026-57674 WordPress Timetics plugin <= 1.0.58 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Timetics = 1.0.58 versions...
CVE-2026-57673 WordPress Optimole plugin <= 4.2.7 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Optimole = 4.2.7 versions...
CVE-2026-57672 WordPress wpDataTables plugin <= 6.5.1.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in wpDataTables = 6.5.1.1 versions...
CVE-2026-57671 WordPress perfmatters plugin <= 2.6.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.4 versions...
CVE-2026-57670 WordPress Google Maps CP plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...
CVE-2026-57669 WordPress Advanced Contact form 7 DB plugin <= 2.0.9 - Broken Access Control vulnerability
Subscriber Broken Access Control in Advanced Contact form 7 DB = 2.0.9 versions...
CVE-2026-57625 WordPress Admin and Site Enhancements (ASE) Pro plugin <= 8.8.5 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Admin and Site Enhancements ASE Pro = 8.8.5 versions...
CVE-2026-57624 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution RCE in Blocksy Companion Pro = 2.1.46 versions...
CVE-2026-57623 WordPress W3 Total Cache plugin <= 2.9.4 - Arbitrary Code Execution vulnerability
Unauthenticated Arbitrary Code Execution in W3 Total Cache = 2.9.4 versions...
CVE-2026-57426 WordPress Modula - PRO plugin <= 2.10.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Modula - PRO = 2.10.8 versions...
CVE-2026-57366 WordPress WPAdverts plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WPAdverts = 2.3.1 versions...