Search Results (13811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-56030 2 Paytium, Wordpress 2 Paytium, Wordpress 2026-06-29 9.8 Critical
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
CVE-2026-56034 2 Owthub, Wordpress 2 Library Management System, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.
CVE-2026-56046 2 Cridio, Wordpress 2 Listingpro, Wordpress 2026-06-29 6.5 Medium
Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
CVE-2026-56048 1 Wordpress 2 Payment Gateway Based Fees And Discounts For Woocommerce, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.
CVE-2026-56057 2 Uncannyowl, Wordpress 2 Uncanny Automator, Wordpress 2026-06-29 9.8 Critical
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
CVE-2026-56067 2 Jetimpex Inc., Wordpress 2 Jetsmartfilters, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.
CVE-2026-56068 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-06-29 9.3 Critical
Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.
CVE-2026-57315 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-29 8.5 High
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
CVE-2026-57431 2 Mer.vin, Wordpress 2 Featured Image, Wordpress 2026-06-29 6.5 Medium
Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
CVE-2026-57628 2 Wordpress, Wpallimport 2 Wordpress, Wp All Import 2026-06-29 7.6 High
Administrator SQL Injection in WP All Import <= 4.0.1 versions.
CVE-2026-57630 2 Creativethemes, Wordpress 2 Blocksy Companion, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.
CVE-2026-57632 2 Omnisend, Wordpress 2 Email Marketing For Woocommerce, Wordpress 2026-06-29 5.4 Medium
Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.
CVE-2026-57640 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2026-06-29 4.3 Medium
Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.
CVE-2026-57641 2 Contempothemes, Wordpress 2 Real Estate 7, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.
CVE-2026-57645 2 Tribulant, Wordpress 2 Newsletters, Wordpress 2026-06-29 8.1 High
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.
CVE-2026-57649 2 Studiowombat, Wordpress 2 Shoppable Images, Wordpress 2026-06-29 4.3 Medium
Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
CVE-2026-57660 2 Magepeople, Wordpress 2 Booking & Rental Manager, Wordpress 2026-06-29 5.3 Medium
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
CVE-2026-57663 2 Really-simple-plugins, Wordpress 2 Recipe Maker For Your Food Blog From Zip Recipes, Wordpress 2026-06-29 8.5 High
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
CVE-2026-12404 2 Webaways, Wordpress 2 Nex-forms-ultimate-forms-plugin, Wordpress 2026-06-29 5.3 Medium
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to enumerate sequential report IDs and download complete form submission data — including names, email addresses, phone numbers, postal addresses, payment details, and uploaded file paths — for any saved report on the site.
CVE-2026-10820 2 Properfraction, Wordpress 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress 2026-06-29 8.1 High
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other users' active subscriptions via an Insecure Direct Object Reference.