|
CVE-2026-3652
|
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
High
|
WordPress
Cross-Site Scripting
Cwe 79
PHP
|
il y a 2 semaines
|
|
CVE-2026-5415
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
WordPress
Authentication Bypass
Cwe 288
PHP
|
il y a 1 mois
|
|
CVE-2026-5411
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
PHP
WordPress
Remote Code Execution
Cwe 434
|
il y a 1 mois
|
|
CVE-2026-1829
|
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
High
|
WordPress
Remote Code Execution
Cwe 94
PHP
|
il y a 1 mois
|
|
CVE-2026-39552
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Remote Code Execution
+1
|
il y a 1 mois
|
|
CVE-2026-39555
|
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
High
|
Insecure Deserialization
Cwe 502
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2025-68886
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Remote Code Execution
|
il y a 1 mois
|
|
CVE-2025-69369
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
Local File Inclusion
|
il y a 1 mois
|
|
CVE-2025-11262
|
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
High
|
WordPress
Cross-Site Scripting
Cwe 79
PHP
|
il y a 1 mois
|
|
CVE-2026-42760
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
|
High
|
WordPress
Authentication Bypass
Cwe 288
|
il y a 1 mois
|
|
CVE-2026-42762
|
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
High
|
Cross-Site Scripting
Cwe 79
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42746
|
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
|
High
|
Cwe 201
PHP
WordPress
|
il y a 1 mois
|
|
CVE-2026-42753
|
|
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
|
High
|
Cwe 862
WordPress
Authentication Bypass
|
il y a 1 mois
|
|
CVE-2026-42735
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
High
|
Authentication Bypass
Cwe 288
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42736
|
|
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
|
High
|
Cwe 639
WordPress
IDOR
|
il y a 1 mois
|
|
CVE-2026-42737
|
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
High
|
Path Traversal
Cwe 22
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42745
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
High
|
Authentication Bypass
Cwe 288
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-42730
|
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
|
High
|
SQL Injection
Cwe 89
WordPress
PHP
|
il y a 1 mois
|
|
CVE-2026-46367
|
|
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
|
High
|
JavaScript
Cross-Site Scripting
Cwe 79
PHP
+1
|
il y a 1 mois
|
|
CVE-2026-46359
|
|
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
|
High
|
SQL Injection
Cwe 89
phpMyFAQ
PHP
+1
|
il y a 1 mois
|
|
CVE-2026-46366
|
|
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
|
High
|
Cwe 863
phpMyFAQ
PHP
Authentication Bypass
|
il y a 1 mois
|
|
CVE-2021-47959
|
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
High
|
WordPress
Denial of Service
Cwe 770
PHP
|
il y a 1 mois
|
|
CVE-2026-4094
|
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
High
|
WordPress
Cwe 862
PHP
Cross-Site Request Forgery
|
il y a 1 mois
|
|
CVE-2026-41940
KEV
|
|
[KEV] Vulnérabilité dans Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnérabilité dans Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risque d'opérations non autorisées ou de divulgation. Inscrit au CISA KEV — exploitation active confirmée.
|
High
|
Webpros
Cpanel Whm And Wp2 Wordpress Squared
Cwe 306
WordPress
+6
|
il y a 2 mois
|
|
CVE-2025-54236
KEV
|
|
[KEV] Vulnérabilité dans Adobe commerce (CVE-2025-54236)
vulnérabilité dans Adobe commerce (CVE-2025-54236). Des informations confidentielles peuvent être exposées. Inscrit au CISA KEV — exploitation active confirmée.
|
Critical
|
Cwe 20
Adobe
Commerce
Commerce B2B
+13
|
il y a 8 mois
|