|
CVE-2026-57656
|
|
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57650
|
|
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57651
|
|
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57657
|
|
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
il y a 1 semaine
|
|
CVE-2026-57655
|
|
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
|
High
|
Cross-Site Request Forgery
Cwe 352
|
il y a 1 semaine
|
|
CVE-2026-57659
|
|
CSRF dans csrf (CVE-2026-57659)
vulnérabilité dans csrf (CVE-2026-57659). L'exploitation peut entraîner la prise de contrôle totale du système.
|
High
|
Cross-Site Request Forgery
Cwe 352
|
il y a 1 semaine
|
|
CVE-2026-57641
|
|
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
il y a 1 semaine
|
|
CVE-2026-57627
|
|
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.
|
Medium
|
Server-Side Request Forgery
Cwe 918
|
il y a 1 semaine
|
|
CVE-2026-56070
|
|
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-56067
|
|
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-56068
|
|
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-57631
|
|
Administrator SQL Injection in Popup box <= 6.0.1 versions.
Administrator SQL Injection in Popup box <= 6.0.1 versions.
|
High
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-57628
|
|
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
|
High
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-57636
|
|
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.
|
High
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-57629
|
|
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57431
|
|
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57315
|
|
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
|
High
|
Remote Code Execution
Cwe 94
|
il y a 1 semaine
|
|
CVE-2026-57618
|
|
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57322
|
|
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57325
|
|
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57617
|
|
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57317
|
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57319
|
|
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57313
|
|
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57637
|
|
CSRF dans csrf (CVE-2026-57637)
vulnérabilité dans csrf (CVE-2026-57637). Risque d'opérations non autorisées ou de divulgation.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
il y a 1 semaine
|
|
CVE-2026-57635
|
|
CSRF dans csrf (CVE-2026-57635)
vulnérabilité dans csrf (CVE-2026-57635). Les données peuvent être altérées par des attaquants.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
il y a 1 semaine
|
|
CVE-2026-57314
|
|
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56072
|
|
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57312
|
|
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-57527
|
|
Désérialisation non sécurisée dans deserialization (CVE-2026-57527)
vulnérabilité dans deserialization (CVE-2026-57527). L'exploitation peut entraîner la prise de contrôle totale du système.
|
High
|
Java
Insecure Deserialization
Cwe 502
|
il y a 1 semaine
|
|
CVE-2026-56026
|
|
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.
|
Medium
|
Server-Side Request Forgery
Cwe 918
|
il y a 1 semaine
|
|
CVE-2026-56034
|
|
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-56036
|
|
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-56064
|
|
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
|
High
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-56062
|
|
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-56046
|
|
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56045
|
|
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56044
|
|
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56047
|
|
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56041
|
|
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56043
|
|
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56040
|
|
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56039
|
|
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 1 semaine
|
|
CVE-2026-56038
|
|
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
|
High
|
Privilege Escalation
Cwe 862
|
il y a 1 semaine
|
|
CVE-2026-56033
|
|
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
|
Critical
|
Privilege Escalation
Cwe 266
|
il y a 1 semaine
|
|
CVE-2026-56028
|
|
Vulnérabilité dans privilege-escalation (CVE-2026-56028)
vulnérabilité dans privilege-escalation (CVE-2026-56028). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
Privilege Escalation
Cwe 266
|
il y a 1 semaine
|
|
CVE-2026-56030
|
|
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
|
Critical
|
Privilege Escalation
Cwe 266
|
il y a 1 semaine
|
|
CVE-2026-4339
|
|
SSRF (Falsification de requête côté serveur) dans ssrf (CVE-2026-4339)
SSRF dans ssrf (CVE-2026-4339). Des informations confidentielles peuvent être exposées.
|
Medium
|
Server-Side Request Forgery
Cwe 918
Mattermost
Mattermost Server
|
il y a 1 semaine
|
|
CVE-2026-54820
|
|
Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.
Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|
|
CVE-2026-54825
|
|
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 1 semaine
|