|
CVE-2026-42688
|
|
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42775
|
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42686
|
|
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42649
|
|
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42650
|
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42658
|
|
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42656
|
|
Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42663
|
|
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-42743
|
|
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
|
Medium
|
Cwe 347
|
il y a 3 semaines
|
|
CVE-2026-42660
|
|
Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.
Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.
|
Medium
|
Cwe 497
|
il y a 3 semaines
|
|
CVE-2026-42661
|
|
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
|
High
|
Path Traversal
Cwe 35
|
il y a 3 semaines
|
|
CVE-2026-42662
|
|
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.
Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.
|
Medium
|
Cwe 290
|
il y a 3 semaines
|
|
CVE-2026-42411
|
|
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
|
High
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-42668
|
|
Vulnérabilité dans CVE-2026-42668 (CVE-2026-42668)
vulnérabilité dans CVE-2026-42668 (CVE-2026-42668). Des informations confidentielles peuvent être exposées.
|
High
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-42655
|
|
Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.
Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.
|
Medium
|
Cwe 472
|
il y a 3 semaines
|
|
CVE-2026-42687
|
|
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
|
High
|
PHP
Cwe 502
|
il y a 3 semaines
|
|
CVE-2026-42651
|
|
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-42666
|
|
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-42664
|
|
Vulnérabilité dans CVE-2026-42664 (CVE-2026-42664)
vulnérabilité dans CVE-2026-42664 (CVE-2026-42664). Risque d'opérations non autorisées ou de divulgation.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-42640
|
|
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-42659
|
|
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40769
|
|
Traversée de chemin dans CVE-2026-40769 (CVE-2026-40769)
traversée de chemin dans CVE-2026-40769 (CVE-2026-40769). Risque d'opérations non autorisées ou de divulgation.
|
High
|
Cwe 22
|
il y a 3 semaines
|
|
CVE-2026-40779
|
|
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
|
High
|
Cwe 22
|
il y a 3 semaines
|
|
CVE-2026-40793
|
|
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40795
|
|
Subscriber Broken Access Control in Amelia <= 2.2 versions.
Subscriber Broken Access Control in Amelia <= 2.2 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40788
|
|
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40794
|
|
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
Subscriber Broken Access Control in myCred <= 3.0.3 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40774
|
|
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40775
|
|
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40773
|
|
Vulnérabilité dans wordpress (CVE-2026-40773)
vulnérabilité dans wordpress (CVE-2026-40773). Les données peuvent être altérées par des attaquants.
|
Medium
|
WordPress
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40782
|
|
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.
|
Medium
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40776
|
|
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
|
High
|
Cwe 862
|
il y a 3 semaines
|
|
CVE-2026-40771
|
|
Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.
Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-42381
|
|
Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.
Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-40766
|
|
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
|
High
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-40798
|
|
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.
Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-42386
|
|
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.
|
Critical
|
SQL Injection
Cwe 89
|
il y a 3 semaines
|
|
CVE-2026-41556
|
|
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
|
Medium
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-40791
|
|
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-40787
|
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-40770
|
|
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
il y a 3 semaines
|
|
CVE-2026-40796
|
|
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
|
Medium
|
Cwe 497
|
il y a 3 semaines
|
|
CVE-2026-40772
|
|
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
|
Critical
|
Cwe 434
|
il y a 3 semaines
|
|
CVE-2026-40790
|
|
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.
|
Medium
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-40781
|
|
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
|
High
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-40785
|
|
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
|
High
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-42378
|
|
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.
|
Medium
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-40799
|
|
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
|
Medium
|
Cwe 288
|
il y a 3 semaines
|
|
CVE-2026-40767
|
|
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
|
High
|
Cwe 281
|
il y a 3 semaines
|
|
CVE-2026-39591
|
|
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
|
Critical
|
WordPress
Cwe 434
|
il y a 3 semaines
|