|
CVE-2026-52703
|
|
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.
|
Critical
|
Path Traversal
Cwe 35
|
il y a 3 semaines
|
|
CVE-2026-49766
|
|
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
|
Critical
|
Cwe 22
|
il y a 3 semaines
|
|
CVE-2026-9691
|
|
Désérialisation non sécurisée dans CVE-2026-9691 (CVE-2026-9691)
vulnérabilité dans CVE-2026-9691 (CVE-2026-9691). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49769
|
|
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49768
|
|
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49781
|
|
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49770
|
|
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49765
|
|
Désérialisation non sécurisée dans CVE-2026-49765 (CVE-2026-49765)
vulnérabilité dans CVE-2026-49765 (CVE-2026-49765). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49775
|
|
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-49061
|
|
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
|
High
|
Cwe 22
|
il y a 3 semaines
|
|
CVE-2026-49763
|
|
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49105
|
|
Désérialisation non sécurisée dans CVE-2026-49105 (CVE-2026-49105)
vulnérabilité dans CVE-2026-49105 (CVE-2026-49105). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49106
|
|
Désérialisation non sécurisée dans CVE-2026-49106 (CVE-2026-49106)
vulnérabilité dans CVE-2026-49106 (CVE-2026-49106). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49104
|
|
Désérialisation non sécurisée dans CVE-2026-49104 (CVE-2026-49104)
vulnérabilité dans CVE-2026-49104 (CVE-2026-49104). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49085
|
|
Désérialisation non sécurisée dans CVE-2026-49085 (CVE-2026-49085)
vulnérabilité dans CVE-2026-49085 (CVE-2026-49085). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49109
|
|
Désérialisation non sécurisée dans CVE-2026-49109 (CVE-2026-49109)
vulnérabilité dans CVE-2026-49109 (CVE-2026-49109). L'exploitation peut entraîner la prise de contrôle totale du système.
|
Critical
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-49070
|
|
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-49065
|
|
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-48964
|
|
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
|
High
|
WordPress
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-49067
|
|
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-49055
|
|
XSS (Cross-Site Scripting) dans CVE-2026-49055 (CVE-2026-49055)
XSS dans CVE-2026-49055 (CVE-2026-49055). Risque d'opérations non autorisées ou de divulgation.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-48966
|
|
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-49066
|
|
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
|
High
|
Cwe 497
|
il y a 3 semaines
|
|
CVE-2026-49056
|
|
Vulnérabilité dans CVE-2026-49056 (CVE-2026-49056)
vulnérabilité dans CVE-2026-49056 (CVE-2026-49056). Des informations confidentielles peuvent être exposées.
|
High
|
Cwe 497
|
il y a 3 semaines
|
|
CVE-2026-49068
|
|
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
|
High
|
Cwe 497
|
il y a 3 semaines
|
|
CVE-2026-49112
|
|
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
|
High
|
Path Traversal
Cwe 35
|
il y a 3 semaines
|
|
CVE-2026-48970
|
|
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
|
High
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-49764
|
|
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
|
Critical
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-49043
|
|
Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.
|
Medium
|
Cross-Site Request Forgery
Cwe 352
|
il y a 3 semaines
|
|
CVE-2026-48878
|
|
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.
|
Medium
|
Cwe 497
|
il y a 3 semaines
|
|
CVE-2026-48836
|
|
Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.
Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.
|
Critical
|
Remote Code Execution
Cwe 94
|
il y a 3 semaines
|
|
CVE-2026-48881
|
|
Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
|
Critical
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-48873
|
|
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-48887
|
|
Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
|
Medium
|
JavaScript
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-48835
|
|
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-48883
|
|
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-48882
|
|
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
|
High
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-48874
|
|
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
|
High
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-48886
|
|
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
|
Critical
|
JavaScript
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-45439
|
|
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-48880
|
|
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-48885
|
|
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-48871
|
|
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-48838
|
|
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-48876
|
|
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-48867
|
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-48870
|
|
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42639
|
|
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-42665
|
|
Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.
Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-45437
|
|
XSS (Cross-Site Scripting) dans CVE-2026-45437 (CVE-2026-45437)
XSS dans CVE-2026-45437 (CVE-2026-45437). Risque d'opérations non autorisées ou de divulgation.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|