Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-42651 Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
CVE-2026-42666 Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
CVE-2026-42664 Vulnerability in CVE-2026-42664 (CVE-2026-42664)
vulnerability in CVE-2026-42664 (CVE-2026-42664). Risk of unauthorized operations or information disclosure.
CVE-2026-42640 Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
CVE-2026-42659 Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
CVE-2026-40769 Path Traversal in CVE-2026-40769 (CVE-2026-40769)
path traversal in CVE-2026-40769 (CVE-2026-40769). Risk of unauthorized operations or information disclosure.
CVE-2026-40779 Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
CVE-2026-40793 Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
CVE-2026-40795 Subscriber Broken Access Control in Amelia <= 2.2 versions.
Subscriber Broken Access Control in Amelia <= 2.2 versions.
CVE-2026-40788 Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
CVE-2026-40794 Subscriber Broken Access Control in myCred <= 3.0.3 versions.
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
CVE-2026-40774 Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
CVE-2026-40775 Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
CVE-2026-40773 Vulnerability in wordpress (CVE-2026-40773)
vulnerability in wordpress (CVE-2026-40773). Data can be tampered with by attackers.
CVE-2026-40782 Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
CVE-2026-40776 Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
CVE-2026-40771 Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.
Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.
CVE-2026-42381 Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.
Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.
CVE-2026-40766 Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
CVE-2026-40798 Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.
CVE-2026-42386 Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
CVE-2026-41556 Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
CVE-2026-40791 Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-40787 Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
CVE-2026-40770 Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
CVE-2026-40796 Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
CVE-2026-40772 Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
CVE-2026-40790 Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
CVE-2026-40781 Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
CVE-2026-40785 Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
CVE-2026-42378 Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
CVE-2026-40799 Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
CVE-2026-40767 Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
CVE-2026-40727 Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
CVE-2026-39532 Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.
CVE-2026-40743 Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
CVE-2026-40741 Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
CVE-2026-39594 Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
CVE-2026-39534 Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 versions.
CVE-2026-39533 Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 versions.
CVE-2026-39584 Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
CVE-2026-39502 Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
CVE-2026-39530 Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.
Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.
CVE-2026-40762 Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
CVE-2026-39540 Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
CVE-2026-40732 Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
CVE-2026-39492 Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.
Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.
CVE-2026-39511 Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.
Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →