|
CVE-2026-39437
|
|
Cross-Site Scripting (XSS) in CVE-2026-39437 (CVE-2026-39437)
cross-site scripting in CVE-2026-39437 (CVE-2026-39437). Risk of unauthorized operations or information disclosure.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-8444
|
|
SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
|
High
|
WordPress
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-6933
|
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
High
|
PHP
WordPress
Remote Code Execution
Cwe 434
|
3 weeks ago
|
|
CVE-2026-8443
|
|
SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
|
High
|
WordPress
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-52702
|
|
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-52697
|
|
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-52700
|
|
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-49780
|
|
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-49055
|
|
Cross-Site Scripting (XSS) in CVE-2026-49055 (CVE-2026-49055)
cross-site scripting in CVE-2026-49055 (CVE-2026-49055). Risk of unauthorized operations or information disclosure.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48966
|
|
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48964
|
|
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
|
High
|
WordPress
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-48889
|
|
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-49063
|
|
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-49112
|
|
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
|
High
|
Path Traversal
Cwe 35
|
3 weeks ago
|
|
CVE-2026-49083
|
|
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-48882
|
|
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-48885
|
|
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48871
|
|
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48874
|
|
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-48838
|
|
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48876
|
|
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48867
|
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42658
|
|
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42650
|
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42649
|
|
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42686
|
|
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42661
|
|
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
|
High
|
Path Traversal
Cwe 35
|
3 weeks ago
|
|
CVE-2026-42775
|
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-45437
|
|
Cross-Site Scripting (XSS) in CVE-2026-45437 (CVE-2026-45437)
cross-site scripting in CVE-2026-45437 (CVE-2026-45437). Risk of unauthorized operations or information disclosure.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40766
|
|
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-40791
|
|
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40787
|
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40770
|
|
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39587
|
|
Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-39579
|
|
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-40762
|
|
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-40732
|
|
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39507
|
|
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39514
|
|
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39470
|
|
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-39463
|
|
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39447
|
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39449
|
|
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2025-68872
|
|
Cross-Site Scripting (XSS) in CVE-2025-68872 (CVE-2025-68872)
cross-site scripting in CVE-2025-68872 (CVE-2025-68872). Risk of unauthorized operations or information disclosure.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-23970
|
|
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-34902
|
|
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2025-68851
|
|
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-39435
|
|
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-34900
|
|
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-27333
|
|
Unsafe Deserialization in deserialization (CVE-2026-27333)
vulnerability in deserialization (CVE-2026-27333). Successful exploitation can lead to full system takeover.
|
High
|
Insecure Deserialization
Cwe 502
|
3 weeks ago
|