368666 matches found
CVE-2026-57624
CVE-2026-57624 : Unauthenticated Remote Code Execution in WordPress Blocksy Companion Pro plugin (versions
CVE-2026-57623
CVE-2026-57623 affects the WordPress W3 Total Cache plugin (versions
CVE-2026-57621
CVE-2026-57621 : Unauthenticated PHP Object Injection in the WordPress plugin Booktics (versions ≤ 1.0.21). Root cause as stated is PHP object injection in Booktics ≤ 1.0.21. CVSS 3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction, and impact to confidentiality, integri...
CVE-2026-57426
The provided data identifies an Unauthenticated Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Modula – PRO , versions ≤ 2.10.8. Affected component is the Modula – PRO plugin for WordPress. The entry does not specify the root cause, affected files/functions, or the exact payload...
CVE-2026-57366
CVE-2026-57366 : Unauthenticated cross-site scripting in the WordPress WPAdverts plugin (versions
CVE-2026-57362
CVE-2026-57362 affects WordPress ChatBot plugin versions ≤ 8.3.2 and is described as unauthenticated reflected XSS. The CVSSv3.1 base score is 7.1 (HIGH) with network attack vector, low confidentiality/integrity/availability impact, user interaction required. The provided documents do not specify...
CVE-2026-57361
The CVE-2026-57361 entry affects the WordPress Survey Maker plugin ≤ 5.2.2.5, describing an unauthenticated Cross-Site Scripting (XSS) vulnerability. The provided documents specify the vulnerable software and vulnerability type, but do not include technical details about the root cause, impact sp...
CVE-2026-57360
CVE-2026-57360 affects the WordPress plugin eCommerce Product Catalog (versions ≤ 3.5.4). The vulnerability is an Unauthenticated Cross Site Scripting (XSS) issue. The connected documents provide the affected product and vulnerability type, with no exploit details or remediation/version fix infor...
CVE-2026-57359
CVE-2026-57359 concerns the WordPress plugin ReviewX (versions
CVE-2026-57358
CVE-2026-57358 affects the WordPress plugin Customize My Account for WooCommerce
CVE-2026-57357
CVE-2026-57357 affects the WordPress plugin “Search Atlas SEO” (versions
CVE-2026-57356
CVE-2026-57356 is an unauthenticated Cross Site Scripting (XSS) vulnerability affecting the WordPress MC Woocommerce Wishlist plugin version ≤ 1.9.19. The issue, identified in the CVE record, does not specify exploitation status or a confirmed fix within the provided documents. The CVSS base scor...
CVE-2026-57355
The WordPress Classified Listing plugin ≤ 5.4.2 has a Broken Access Control vulnerability. Affected software: Classified Listing plugin for WordPress (versions ≤ 5.4.2). Root cause: insufficient access checks. Impact: according to CVSS 3.1 metrics (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) with a base...
CVE-2026-57354
The CVE-2026-57354 entry describes a Subscriber Cross Site Scripting (XSS) vulnerability in the WordPress JetReviews plugin limited to versions
CVE-2026-57353
The CVE concerns WordPress Link Whisper Premium plugin <= 2.9.0 with a Broken Access Control issue. The accompanying CVSS data (Patchstack, v3.1) indicates an external attack over network, with low privileges and no user interaction, potentially affecting integrity (I: High) while confidential...
CVE-2026-57352
CVE-2026-57352 concerns the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (
CVE-2026-57351
CVE-2026-57351 affects the WordPress plugin HandL UTM Grabber up to version 2.9.2, with an unauthenticated XSS vulnerability. The connected documents provide the vulnerability type and affected software but do not supply root cause specifics, exploit details, or a remediation. CVSS data (3.1) fro...
CVE-2026-57350
WP Debugging plugin for WordPress with versions ≤2.12.2 is affected by an unauthenticated Cross Site Scripting (XSS) vulnerability. The CVE entry specifies the vulnerable component as the WP Debugging plugin and lists CVSS v3.1 base score 7.1 (High) with Network attack vector, no privileges requi...
CVE-2026-57348
CVE-2026-57348 affects WordPress plugin Paid Member Subscriptions (versions <= 3.0.4). An unauthenticated server-side request forgery (SSRF) vulnerability exists in this plugin, enabling an attacker to induce the server to fetch arbitrary resources. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C...
CVE-2026-57349
CVE-2026-57349 affects the WordPress plugin WPeMatico RSS Feed Fetcher (versions