368646 matches found
CVE-2026-57763
CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.
CVE-2026-57762
CVE-2026-57762: A Cross Site Scripting (XSS) vulnerability affects WordPress Simple URLs plugin versions
CVE-2026-57759
CVE-2026-57759: Unauthenticated CSRF in WordPress ProfileGrid plugin (versions
CVE-2026-57761
CVE-2026-57761 concerns the WordPress theme SEOWP, affected in versions <= 3.12.2. The vulnerability is described as Unauthenticated CSRF . Several connected sources also frame the issue as a CSRF leading to Stored XSS in SEOWP
CVE-2026-57758
CVE-2026-57758 corresponds to an unauthenticated CSRF in the WordPress Permalink Manager for WooCommerce plugin, affecting versions
CVE-2026-57757
CVE-2026-57757 concerns the WordPress plugin pCloud WP Backup (versions
CVE-2026-57756
CVE-2026-57756 affects the WordPress plugin nicen-localize-image
CVE-2026-57755
CVE-2026-57755 describes a Contributor Cross Site Scripting (XSS) vulnerability in the WordPress plugin Mosaic Gallery – Advanced Gallery, affected versions
CVE-2026-57754
CVE-2026-57754 is a cross-site scripting (XSS) vulnerability in the WordPress plugin Livemesh Addons for WPBakery Page Builder
CVE-2026-57753
The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...
CVE-2026-57752
The CVE-2026-57752 entry covers a Contributor SQL Injection in the WordPress iNET Webkit plugin version 1.2.4. The vulnerability is described without attack details; CVSS 3.1 base score 8.5 (Network attack, Low complexity, Privileges Required: Low, User Interaction: None, Confidentiality Impact: ...
CVE-2026-57751
The CVE-2026-57751 entry concerns the WordPress plugin Heateor Social Login (versions
CVE-2026-57750
The CVE-2026-57750 entry concerns the WordPress plugin ez Form Calculator Premium (versions up to and including 2.14.1.2). The vulnerability is described as Unauthenticated Broken Access Control , implying that unauthenticated users can access or manipulate resources they should not be able to. T...
CVE-2026-57749
CVE-2026-57749 is a Local File Inclusion vulnerability in the WordPress SportsPress Pro plugin, affecting versions up to and including 2.7.29. The issue is documented across multiple feeds (NVD, CVE List, CIRCL, AttackersKB, EUVD, etc.). The reported CVSS v3.1 metrics indicate a high overall impa...
CVE-2026-57748
CVE-2026-57748 describes a Local File Inclusion vulnerability in the WordPress Shopify plugin for Shopify integrations, affecting versions up to 1.0.0. The available sources confirm the vulnerability class and affected product/version, but do not provide explicit root-cause details beyond LFI, ex...
CVE-2026-57747
CVE-2026-57747 is an unauthenticated CSRF vulnerability in the WordPress Booked plugin
CVE-2026-57746
CVE-2026-57746 concerns the WordPress Booked plugin (versions up to and including 3.0.0) where a Broken Access Control vulnerability is described. The Initial document notes only the affected software and version range, with the impact stated as access control issues; no root cause, affected file...
CVE-2026-57731
Technical details for CVE-2026-57731 are not publicly available in the provided documents. Monitor for updates. Current records indicate a Broken Access Control issue in Flatsome
CVE-2026-57730
CVE-2026-57730 concerns the WordPress Flatsome theme (
CVE-2026-57690
The CVE-2026-57690 entry documents an unauthenticated Cross Site Request Forgery (CSRF) in the WordPress Werkstatt theme versions ≤ 4.7.2. The vulnerability affects the Werkstatt theme (WordPress plugin/theme) and is described as CSRF without details on exploit vectors beyond unauthenticated acce...