372150 matches found
CVE-2026-57678
CVE-2026-57678 concerns the WordPress Slider Revolution plugin by ThemePunch, affecting versions 7.0.0 through 7.0.16. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability arising from improper neutralization of input during web page generation. The CVSSv3.1 metrics indicate a NETWOR...
CVE-2026-56037
The CVE-2026-56037 affects Themify Popup (WordPress plugin) ≤ 1.4.3. It describes a Deserialization of Untrusted Data vulnerability that allows PHP Object Injection through deserialized data. The underlying issue is the ability to inject or manipulate objects via untrusted input, enabling high-ri...
CVE-2026-57766
This CVE covers an Unauthenticated Cross Site Request Forgery (CSRF) in the WordPress WPIDE – File Manager & Code Editor plugin, affecting versions
CVE-2026-57765
WP EasyCart WordPress plugin versions
CVE-2026-57763
CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.
CVE-2026-57764
CVE-2026-57764 : Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Surbma | Yoast SEO Breadcrumb Shortcode, affecting versions
CVE-2026-57762
CVE-2026-57762: A Cross Site Scripting (XSS) vulnerability affects WordPress Simple URLs plugin versions
CVE-2026-57761
CVE-2026-57761 concerns the WordPress theme SEOWP, affected in versions <= 3.12.2. The vulnerability is described as Unauthenticated CSRF . Several connected sources also frame the issue as a CSRF leading to Stored XSS in SEOWP
CVE-2026-57759
CVE-2026-57759: Unauthenticated CSRF in WordPress ProfileGrid plugin (versions
CVE-2026-57758
CVE-2026-57758 corresponds to an unauthenticated CSRF in the WordPress Permalink Manager for WooCommerce plugin, affecting versions
CVE-2026-57757
CVE-2026-57757 concerns the WordPress plugin pCloud WP Backup (versions
CVE-2026-57756
CVE-2026-57756 affects the WordPress plugin nicen-localize-image
CVE-2026-57755
CVE-2026-57755 describes a Contributor Cross Site Scripting (XSS) vulnerability in the WordPress plugin Mosaic Gallery – Advanced Gallery, affected versions
CVE-2026-57754
CVE-2026-57754 is a cross-site scripting (XSS) vulnerability in the WordPress plugin Livemesh Addons for WPBakery Page Builder
CVE-2026-57753
The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...
CVE-2026-57752
The CVE-2026-57752 entry covers a Contributor SQL Injection in the WordPress iNET Webkit plugin version 1.2.4. The vulnerability is described without attack details; CVSS 3.1 base score 8.5 (Network attack, Low complexity, Privileges Required: Low, User Interaction: None, Confidentiality Impact: ...
CVE-2026-57751
The CVE-2026-57751 entry concerns the WordPress plugin Heateor Social Login (versions
CVE-2026-57750
The CVE-2026-57750 entry concerns the WordPress plugin ez Form Calculator Premium (versions up to and including 2.14.1.2). The vulnerability is described as Unauthenticated Broken Access Control , implying that unauthenticated users can access or manipulate resources they should not be able to. T...
CVE-2026-57749
CVE-2026-57749 is a Local File Inclusion vulnerability in the WordPress SportsPress Pro plugin, affecting versions up to and including 2.7.29. The issue is documented across multiple feeds (NVD, CVE List, CIRCL, AttackersKB, EUVD, etc.). The reported CVSS v3.1 metrics indicate a high overall impa...
CVE-2026-57748
CVE-2026-57748 describes a Local File Inclusion vulnerability in the WordPress Shopify plugin for Shopify integrations, affecting versions up to 1.0.0. The available sources confirm the vulnerability class and affected product/version, but do not provide explicit root-cause details beyond LFI, ex...