Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56038 |
|
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
|
| CVE-2026-56047 |
|
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
|
| CVE-2026-56041 |
|
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
|
| CVE-2026-56043 |
|
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
|
| CVE-2026-56040 |
|
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
|
| CVE-2026-56039 |
|
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
|
| CVE-2026-56044 |
|
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
|
| CVE-2026-56045 |
|
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
|
| CVE-2026-56064 |
|
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
Subscriber SQL Injection in Tourfic <= 2.22.5 versions.
|
| CVE-2026-56011 |
|
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
|
| CVE-2026-30041 |
|
Vulnerability in dos (CVE-2026-30041)
vulnerability in dos (CVE-2026-30041). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56008 |
|
Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.
Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.
|
| CVE-2026-56010 |
|
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
|
| CVE-2025-68052 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.
|
| CVE-2026-57877 |
|
Vulnerability in dos (CVE-2026-57877)
vulnerability in dos (CVE-2026-57877). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57872 |
|
Path Traversal in path-traversal (CVE-2026-57872)
path traversal in path-traversal (CVE-2026-57872). Confidential information can be exposed externally.
|
| CVE-2026-57876 |
|
Out-of-Bounds Write in dos (CVE-2026-57876)
out-of-bounds write in dos (CVE-2026-57876). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57875 |
|
Vulnerability in dos (CVE-2026-57875)
vulnerability in dos (CVE-2026-57875). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57874 |
|
Vulnerability in dos (CVE-2026-57874)
vulnerability in dos (CVE-2026-57874). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57873 |
|
Vulnerability in dos (CVE-2026-57873)
vulnerability in dos (CVE-2026-57873). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10835 |
|
Vulnerability in wordpress (CVE-2026-10835)
vulnerability in wordpress (CVE-2026-10835). Confidential information can be exposed externally.
|
| CVE-2026-12975 |
|
XXE (XML External Entity) in ssrf (CVE-2026-12975)
vulnerability in ssrf (CVE-2026-12975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11800 |
|
Vulnerability in privilege-escalation (CVE-2026-11800)
vulnerability in privilege-escalation (CVE-2026-11800). Confidential information can be exposed externally.
|
| CVE-2025-71324 |
|
Vulnerability in path-traversal (CVE-2025-71324)
vulnerability in path-traversal (CVE-2025-71324). Confidential information can be exposed externally.
|
| CVE-2026-40083 |
|
SQL Injection in sqli (CVE-2026-40083)
SQL injection in sqli (CVE-2026-40083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38637 |
|
Vulnerability in dos (CVE-2026-38637)
vulnerability in dos (CVE-2026-38637). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37149 |
|
SQL Injection in sqli (CVE-2026-37149)
SQL injection in sqli (CVE-2026-37149). Confidential information can be exposed externally.
|
| CVE-2026-57520 |
|
Vulnerability in privilege-escalation (CVE-2026-57520)
vulnerability in privilege-escalation (CVE-2026-57520). Data can be tampered with by attackers.
|
| CVE-2026-38640 |
|
Vulnerability in dos (CVE-2026-38640)
vulnerability in dos (CVE-2026-38640). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12340 |
|
Out-of-Bounds Read in dos (CVE-2026-12340)
vulnerability in dos (CVE-2026-12340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55958 |
|
Vulnerability in dos (CVE-2026-55958)
vulnerability in dos (CVE-2026-55958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56790 |
|
Vulnerability in c (CVE-2026-56790)
vulnerability in c (CVE-2026-56790). Data can be tampered with by attackers.
|
| CVE-2025-60464 |
|
Use-After-Free in c (CVE-2025-60464)
vulnerability in c (CVE-2025-60464). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56766 |
|
Vulnerability in CVE-2026-56766 (CVE-2026-56766)
vulnerability in CVE-2026-56766 (CVE-2026-56766). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9086 |
|
Cross-Site Scripting (XSS) in redhat (CVE-2026-9086)
cross-site scripting in redhat (CVE-2026-9086). Confidential information can be exposed externally.
|
| CVE-2026-45233 |
|
Path Traversal in path-traversal (CVE-2026-45233)
path traversal in path-traversal (CVE-2026-45233). Data can be tampered with by attackers.
|
| CVE-2026-55412 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55412)
SSRF in ssrf (CVE-2026-55412). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
|
| CVE-2026-54033 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
SSRF in ssrf (CVE-2026-54033). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-13351 |
|
Vulnerability in dos (CVE-2026-13351)
vulnerability in dos (CVE-2026-13351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56071 |
|
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
|
| CVE-2026-56051 |
|
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
|
| CVE-2026-56049 |
|
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
|
| CVE-2026-56122 |
|
Path Traversal in path-traversal (CVE-2026-56122)
path traversal in path-traversal (CVE-2026-56122). Confidential information can be exposed externally.
|
| CVE-2026-56005 |
|
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
|
| CVE-2026-56006 |
|
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
|
| CVE-2026-56014 |
|
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
|
| CVE-2026-54838 |
|
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
|
| CVE-2026-54829 |
|
SQL Injection in sqli (CVE-2026-54829)
SQL injection in sqli (CVE-2026-54829). Confidential information can be exposed externally.
|
| CVE-2026-56042 |
|
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
|
| CVE-2026-49506 |
|
Path Traversal in path-traversal (CVE-2026-49506)
path traversal in path-traversal (CVE-2026-49506). Successful exploitation can lead to full system takeover.
|