371466 matches found
CVE-2026-57348
CVE-2026-57348 affects WordPress plugin Paid Member Subscriptions (versions <= 3.0.4). An unauthenticated server-side request forgery (SSRF) vulnerability exists in this plugin, enabling an attacker to induce the server to fetch arbitrary resources. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C...
CVE-2026-57347
CVE-2026-57347 affects the WordPress plugin Hotel Booking Lite
CVE-2026-57345
The CVE-2026-57345 entry concerns WordPress Internal Links Manager plugin versions <= 3.0.3 and describes an Unauthenticated Cross Site Scripting (XSS) vulnerability. The connected Patchstack reference confirms an XSS flaw in WordPress Internal Links Manager
CVE-2026-57344
Summary: Unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Classified Listing plugin (versions <= 5.4.2). Affected product: WordPress Classified Listing plugin.Versions:
CVE-2026-57343
CVE-2026-57343 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Real Estate 7 theme, affected
CVE-2026-57342
The CVE-2026-57342 entry concerns the WordPress ShortPixel Adaptive Images plugin, affected versions are
CVE-2026-49779
CVE-2026-49779 concerns the WordPress plugin Tax Exempt for WooCommerce (versions
CVE-2026-42382
CVE-2026-42382 concerns WordPress Audrey theme versions <= 1.5 with an Unauthenticated Local File Inclusion (LFI) vulnerability. The connected patches and CVE records identify the affected product (Audrey theme
CVE-2026-39448
The CVE highlights an Unauthenticated Broken Access Control issue in the WordPress NOWPayments for WooCommerce plugin, affecting versions <= 1.4.0. The vulnerability type is explicitly described as Broken Access Control, with no user interaction required and no privileges granted to attackers....
CVE-2026-27436
The CVE covers WordPress plugin Five Star Business Profile and Schema (versions
CVE-2026-27433
The CVE concerns the WordPress Motors theme (
CVE-2026-27430
CVE-2026-27430 affects the WordPress TheFox theme (
CVE-2026-27426
CVE-2026-27426 affects the WordPress Automotive Car Dealership Business theme
CVE-2026-27425
CVE-2026-27425 details (normal mode): Unauthenticated, reflected Cross-Site Scripting (XSS) vulnerability affecting WordPress Automotive Listings plugin, versions up to and including 18.6. The issue is due to a reflected XSS flaw in the plugin’s input handling, allowing an attacker to craft a mal...
CVE-2026-27419
CVE-2026-27419 affects WordPress Zegen theme versions
CVE-2026-27414
CVE-2026-27414 details (provided): WordPress Werkstatt theme
CVE-2026-27412
Affected software: WordPress Pearl – Corporate Business theme (versions <= 3.4.10). Vulnerability: Local File Inclusion (LFI) that is unauthenticated. Root cause/tech details: Unauthenticated LFI present in Pearl – Corporate Business
CVE-2026-27408
CVE-2026-27408 affects WordPress NativeChurch theme versions
CVE-2026-27404
CVE-2026-27404 concerns WordPress LMS theme <= 9.7 with a reflected Cross Site Scripting (XSS) vulnerability. The issue is described as unauthenticated XSS in LMS <= 9.7 versions. CVSS v3.1 base score is 7.1 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L; attack vector: NET...
CVE-2026-27402
CVE-2026-27402 refers to an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress theme set for Kids Life | Children School, affected in versions