|
CVE-2026-3652
|
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
High
|
WordPress
Cross-Site Scripting
Cwe 79
PHP
|
il y a 2 semaines
|
|
CVE-2026-5415
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
WordPress
Authentication Bypass
Cwe 288
PHP
|
il y a 1 mois
|
|
CVE-2026-5411
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
PHP
WordPress
Remote Code Execution
Cwe 434
|
il y a 1 mois
|
|
CVE-2026-1829
|
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
High
|
WordPress
Remote Code Execution
Cwe 94
PHP
|
il y a 1 mois
|
|
CVE-2026-39555
|
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
High
|
Insecure Deserialization
Cwe 502
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-39553
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Remote Code Execution
|
il y a 1 mois
|
|
CVE-2026-39552
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Remote Code Execution
+1
|
il y a 1 mois
|
|
CVE-2025-69369
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Local File Inclusion
|
il y a 1 mois
|
|
CVE-2025-68886
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Remote Code Execution
|
il y a 1 mois
|
|
CVE-2025-11262
|
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
High
|
WordPress
Cross-Site Scripting
Cwe 79
PHP
|
il y a 1 mois
|
|
CVE-2026-42762
|
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
High
|
Cross-Site Scripting
Cwe 79
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42760
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
|
High
|
WordPress
Authentication Bypass
Cwe 288
|
il y a 1 mois
|
|
CVE-2026-42753
|
|
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
|
High
|
Cwe 862
WordPress
Authentication Bypass
|
il y a 1 mois
|
|
CVE-2026-42745
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
High
|
Authentication Bypass
Cwe 288
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42737
|
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
High
|
Path Traversal
Cwe 22
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42736
|
|
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
|
High
|
Cwe 639
WordPress
IDOR
|
il y a 1 mois
|
|
CVE-2026-42735
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
High
|
Authentication Bypass
Cwe 288
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42730
|
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
|
High
|
SQL Injection
Cwe 89
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2021-47959
|
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
High
|
WordPress
Denial of Service
Cwe 770
PHP
|
il y a 1 mois
|
|
CVE-2026-4094
|
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
High
|
WordPress
Cwe 862
PHP
Cross-Site Request Forgery
|
il y a 1 mois
|
|
CVE-2026-41902
|
|
Vulnérabilité dans laravel (CVE-2026-41902)
vulnérabilité dans laravel (CVE-2026-41902). Des informations confidentielles peuvent être exposées. Exploitable via `Referer header`.
|
Critical
|
PHP
Laravel
Cwe 613
Authentication Bypass
+8
|
il y a 2 mois
|
|
CVE-2026-36458
|
|
Injection de code dans sqli (CVE-2026-36458)
injection de code dans sqli (CVE-2026-36458). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
SQL Injection
Cwe 94
Chestnutcms
Cms
+13
|
il y a 2 mois
|