|
CVE-2026-57644
|
|
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57653
|
|
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57663
|
|
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57667
|
|
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57662
|
|
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57638
|
|
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57656
|
|
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57650
|
|
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57651
|
|
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57641
|
|
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
1 week ago
|
|
CVE-2026-57659
|
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57659)
vulnerability in csrf (CVE-2026-57659). Successful exploitation can lead to full system takeover.
|
High
|
Cross-Site Request Forgery
Cwe 352
|
1 week ago
|
|
CVE-2026-57655
|
|
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
|
High
|
Cross-Site Request Forgery
Cwe 352
|
1 week ago
|
|
CVE-2026-57657
|
|
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
1 week ago
|
|
CVE-2026-57627
|
|
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
|
Medium
|
Server-Side Request Forgery
Cwe 918
|
1 week ago
|
|
CVE-2026-56070
|
|
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
|
Critical
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-56067
|
|
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
|
Critical
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-56068
|
|
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
|
Critical
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57631
|
|
Administrator SQL Injection in Popup box <= 6.0.1 versions.
Administrator SQL Injection in Popup box <= 6.0.1 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57628
|
|
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57636
|
|
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-57312
|
|
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56072
|
|
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57314
|
|
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57313
|
|
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57319
|
|
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57317
|
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57617
|
|
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57325
|
|
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57322
|
|
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57618
|
|
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57431
|
|
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57629
|
|
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-57315
|
|
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
|
High
|
Remote Code Execution
Cwe 94
|
1 week ago
|
|
CVE-2026-57635
|
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57635)
vulnerability in csrf (CVE-2026-57635). Data can be tampered with by attackers.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
1 week ago
|
|
CVE-2026-57637
|
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57637)
vulnerability in csrf (CVE-2026-57637). Risk of unauthorized operations or information disclosure.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
1 week ago
|
|
CVE-2026-57527
|
|
Unsafe Deserialization in deserialization (CVE-2026-57527)
vulnerability in deserialization (CVE-2026-57527). Successful exploitation can lead to full system takeover.
|
High
|
Java
Insecure Deserialization
Cwe 502
|
1 week ago
|
|
CVE-2026-56026
|
|
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
|
Medium
|
Server-Side Request Forgery
Cwe 918
|
1 week ago
|
|
CVE-2026-56034
|
|
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
|
Critical
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-56036
|
|
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
|
Critical
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-56064
|
|
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
|
High
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-56062
|
|
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
|
Critical
|
SQL Injection
Cwe 89
|
1 week ago
|
|
CVE-2026-56039
|
|
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56040
|
|
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56043
|
|
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56041
|
|
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56047
|
|
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56044
|
|
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56045
|
|
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56046
|
|
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
1 week ago
|
|
CVE-2026-56030
|
|
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
|
Critical
|
Privilege Escalation
Cwe 266
|
1 week ago
|