161068 matches found
CVE-2026-57362 WordPress ChatBot plugin <= 8.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in ChatBot = 8.3.2 versions...
CVE-2026-57361 WordPress Survey Maker plugin <= 5.2.2.5 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Survey Maker = 5.2.2.5 versions...
CVE-2026-57360 WordPress eCommerce Product Catalog plugin <= 3.5.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in eCommerce Product Catalog = 3.5.4 versions...
CVE-2026-57359 WordPress ReviewX plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in ReviewX = 2.3.10 versions...
CVE-2026-57358 WordPress Customize My Account for WooCommerce plugin <= 4.3.9 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Customize My Account for WooCommerce = 4.3.9 versions...
CVE-2026-57357 WordPress Search Atlas SEO plugin <= 2.6.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Search Atlas SEO = 2.6.6 versions...
CVE-2026-57356 WordPress MC Woocommerce Wishlist plugin <= 1.9.19 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in MC Woocommerce Wishlist = 1.9.19 versions...
CVE-2026-57355 WordPress Classified Listing plugin <= 5.4.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Classified Listing = 5.4.2 versions...
CVE-2026-57354 WordPress JetReviews plugin <= 3.0.0.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in JetReviews = 3.0.0.1 versions...
CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...
CVE-2026-57352 WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 2.2.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce = 2.2.0 versions...
CVE-2026-57351 WordPress HandL UTM Grabber plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in HandL UTM Grabber = 2.9.2 versions...
CVE-2026-57350 WordPress WP Debugging plugin <= 2.12.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...
CVE-2026-57348 WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) vulnerability
Unauthenticated Server Side Request Forgery SSRF in Paid Member Subscriptions = 3.0.4 versions...
CVE-2026-57347 WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Hotel Booking Lite = 6.0.3 versions...
CVE-2026-57345 WordPress Internal Links Manager plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Internal Links Manager = 3.0.3 versions...
CVE-2026-57344 WordPress Classified Listing plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Classified Listing = 5.4.2 versions...
CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
CVE-2026-57342 WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in ShortPixel Adaptive Images = 3.11.3 versions...
CVE-2026-49779 WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability
Customer Path Traversal in Tax Exempt for WooCommerce = 1.9.3 versions...
CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Audrey = 1.5 versions...
CVE-2026-39448 WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
CVE-2026-27436 WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability
Editor Arbitrary Code Execution in Five Star Business Profile and Schema = 2.3.19 versions...
CVE-2026-27430 WordPress TheFox theme <= 3.9.76 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in TheFox = 3.9.76 versions...
CVE-2026-27433 WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors = 5.6.80 versions...
CVE-2026-27426 WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Automotive Car Dealership Business = 13.3.3 versions...
CVE-2026-27425 WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Automotive Listings = 18.6 versions...
CVE-2026-27419 WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Zegen = 1.1.9 versions...
CVE-2026-27414 WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Werkstatt = 4.8.3 versions...
CVE-2026-27412 WordPress Pearl - Corporate Business theme <= 3.4.10 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Pearl - Corporate Business = 3.4.10 versions...
CVE-2026-27408 WordPress NativeChurch theme <= 4.8.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in NativeChurch = 4.8.8.2 versions...
CVE-2026-27404 WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in LMS = 9.7 versions...
CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability
Contributor PHP Object Injection in ARMember Premium = 7.0 versions...
CVE-2025-69156 WordPress Kids Zone - Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...
CVE-2025-69155 WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...
CVE-2025-69154 WordPress SpaLab | Beauty Salon WordPress Theme theme <= 6.7 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SpaLab | Beauty Salon WordPress Theme = 6.7 versions...
CVE-2025-69153 WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Trendy Travel = 6.7 versions...
CVE-2025-69152 WordPress Artale | Wedding Photography WordPress theme <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Artale | Wedding Photography WordPress = 2.2.2 versions...
CVE-2025-69134 WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Deletion vulnerability
Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper = 1.1.4 versions...
CVE-2025-69133 WordPress Tourmaster plugin <= 5.4.5 - Local File Inclusion vulnerability
Subscriber Local File Inclusion in Tourmaster = 5.4.5 versions...
CVE-2025-69132 WordPress Corpkit theme <= 1.0.5 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Corpkit = 1.0.5 versions...
CVE-2025-69094 WordPress Unicamp theme <= 2.2.2 - SQL Injection vulnerability
Subscriber SQL Injection in Unicamp = 2.2.2 versions...
CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...
CVE-2025-58902 WordPress Lighthouse theme <= 1.2.12 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Lighthouse = 1.2.12 versions...
CVE-2026-11946 GetEndpoints Memory Exhaustion in open62541
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...
CVE-2026-54431 Improper Data Validation in liboauth2
In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...
CVE-2026-54430 Server-Site Request Forgery in liboauth2
liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...
CVE-2026-8441 WP Review Slider Pro <= 12.7.2 - Unauthenticated SQL Injection via 'notinstring' Parameter
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...
CVE-2026-13369 Ninja Forms - File Uploads <= 3.3.29 - Unauthenticated Arbitrary File Read via File Upload Field 'files[].data.file_path' Parameter
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Arbitrary File Read via the attachfiles function in versions up to, and including, 3.3.29. This is due to the getfilesforattachment function accepting a raw attacker-controlled 'files' array when the process method returns early...
CVE-2026-13251 Perfmatters <= 2.6.4 - Unauthenticated Arbitrary File Read via 's' Parameter
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...