|
CVE-2026-48889
|
|
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|
|
CVE-2026-48966
|
|
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-49065
|
|
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-49061
|
|
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
|
High
|
Cwe 22
|
3 weeks ago
|
|
CVE-2026-48885
|
|
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48871
|
|
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48873
|
|
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-48835
|
|
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-48872
|
|
Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.
Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.
|
High
|
Cwe 639
|
3 weeks ago
|
|
CVE-2026-48883
|
|
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-48874
|
|
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-48838
|
|
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48876
|
|
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-48882
|
|
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-48868
|
|
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.
|
High
|
Cwe 639
|
3 weeks ago
|
|
CVE-2026-48867
|
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42687
|
|
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions.
|
High
|
PHP
Cwe 502
|
3 weeks ago
|
|
CVE-2026-45441
|
|
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
|
High
|
Cwe 1284
|
3 weeks ago
|
|
CVE-2026-45437
|
|
Cross-Site Scripting (XSS) in CVE-2026-45437 (CVE-2026-45437)
cross-site scripting in CVE-2026-45437 (CVE-2026-45437). Risk of unauthorized operations or information disclosure.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42666
|
|
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-42668
|
|
Vulnerability in CVE-2026-42668 (CVE-2026-42668)
vulnerability in CVE-2026-42668 (CVE-2026-42668). Confidential information can be exposed externally.
|
High
|
Cwe 288
|
3 weeks ago
|
|
CVE-2026-47825
|
|
Vulnerability in CVE-2026-47825 (CVE-2026-47825)
vulnerability in CVE-2026-47825 (CVE-2026-47825). Data can be tampered with by attackers.
|
High
|
Cwe 346
|
3 weeks ago
|
|
CVE-2026-42667
|
|
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.
|
High
|
Cwe 201
|
3 weeks ago
|
|
CVE-2026-42775
|
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42664
|
|
Vulnerability in CVE-2026-42664 (CVE-2026-42664)
vulnerability in CVE-2026-42664 (CVE-2026-42664). Risk of unauthorized operations or information disclosure.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-42686
|
|
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42661
|
|
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.
|
High
|
Path Traversal
Cwe 35
|
3 weeks ago
|
|
CVE-2026-42649
|
|
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42650
|
|
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42658
|
|
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-42411
|
|
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.
|
High
|
Cwe 288
|
3 weeks ago
|
|
CVE-2026-42384
|
|
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.
Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.
|
High
|
Cwe 201
|
3 weeks ago
|
|
CVE-2026-40769
|
|
Path Traversal in CVE-2026-40769 (CVE-2026-40769)
path traversal in CVE-2026-40769 (CVE-2026-40769). Risk of unauthorized operations or information disclosure.
|
High
|
Cwe 22
|
3 weeks ago
|
|
CVE-2026-40779
|
|
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.
|
High
|
Cwe 22
|
3 weeks ago
|
|
CVE-2026-40791
|
|
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40787
|
|
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40788
|
|
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-40789
|
|
Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.
Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.
|
High
|
Cwe 201
|
3 weeks ago
|
|
CVE-2026-40774
|
|
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-40775
|
|
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-40767
|
|
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
|
High
|
Cwe 281
|
3 weeks ago
|
|
CVE-2026-40785
|
|
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.
|
High
|
Cwe 288
|
3 weeks ago
|
|
CVE-2026-40781
|
|
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
|
High
|
Cwe 288
|
3 weeks ago
|
|
CVE-2026-40766
|
|
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-40770
|
|
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
|
High
|
Cross-Site Scripting
Cwe 79
|
3 weeks ago
|
|
CVE-2026-40776
|
|
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-40762
|
|
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
|
High
|
SQL Injection
Cwe 89
|
3 weeks ago
|
|
CVE-2026-40727
|
|
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.
|
High
|
Cwe 22
|
3 weeks ago
|
|
CVE-2026-40741
|
|
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
|
High
|
Cwe 862
|
3 weeks ago
|
|
CVE-2026-39579
|
|
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
|
High
|
Privilege Escalation
Cwe 266
|
3 weeks ago
|