Unknown

72 CVEs
| CVE ID | Severity | Product / summary | Published |
| --- | --- | --- | --- |
| CVE-2026-10750 | HIGH 8.1 | Royal Mcp — The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP to… ● PoC | 2026-07-01 |
| CVE-2026-11562 | MEDIUM 4.3 | Ws Form Lite — The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-updat… ● PoC | 2026-07-01 |
| CVE-2026-11568 | HIGH 7.5 | Product Configurator For Woocommerce — The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or p… ● PoC | 2026-07-01 |
| CVE-2026-11570 | MEDIUM 4.2 | User Submitted Posts — The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting… ● PoC | 2026-07-01 |
| CVE-2026-11794 | HIGH 8.1 | Advanced Form Integration — Connect Forms To 200+ Apps — The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the… ● PoC | 2026-07-01 |
| CVE-2026-11880 | LOW 3.1 | Fluent Forms — The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscri… ● PoC | 2026-07-01 |
| CVE-2026-11883 | HIGH 7.2 | Webauthn Provider For Two Factor — The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-fact… ● PoC | 2026-07-01 |
| CVE-2026-11887 | MEDIUM 4.3 | Salon Booking System — The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of… ● PoC | 2026-07-01 |
| CVE-2026-11581 | MEDIUM 5.9 | Kali Forms — Contact Form & Drag And Drop Builder — The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form … ● PoC | 2026-06-30 |
| CVE-2026-11589 | HIGH 8.8 | Wp Support Plus Responsive Ticket System — The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploade… ● PoC | 2026-06-30 |
| CVE-2026-11590 | HIGH 8.6 | Wp Support Plus Responsive Ticket System — The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied ar… ● PoC | 2026-06-30 |
| CVE-2026-9576 | MEDIUM 4.9 | Fluent Booking — The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before e… ● PoC | 2026-06-30 |
| CVE-2026-10083 | HIGH 7.5 | Apcu Manager — The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in… ● PoC | 2026-06-29 |
| CVE-2026-9676 | MEDIUM 4.3 | F4 Post Tree — The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification o… ● PoC | 2026-06-29 |
| CVE-2026-10820 | HIGH 8.1 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content — The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Wo… ● PoC | 2026-06-27 |
| CVE-2026-9677 | MEDIUM 4.8 | Shariff For Wordpress — The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_… ● PoC | 2026-06-27 |
| CVE-2026-10823 | HIGH 7.5 | Ymc Filter — The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoi… ● PoC | 2026-06-26 |
| CVE-2026-10835 | HIGH 7.7 | Salesmanago & Leadoo — The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter pass… ● PoC | 2026-06-26 |
| CVE-2026-8380 | MEDIUM 6.5 | Frontend File Manager Plugin — The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every tar… ● PoC | 2026-06-26 |
| CVE-2025-10268 | MEDIUM 5.3 | Printcart Web To Print Product Designer For Woocommerce — The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to pa… ● PoC | 2026-06-26 |
| CVE-2026-10824 | MEDIUM 6.5 | Masteriyo Lms — The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress RE… ● PoC | 2026-06-25 |
| CVE-2026-5305 | HIGH 8.8 | Email Address Encoder — The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12… ● PoC | 2026-06-25 |
| CVE-2026-9702 | HIGH 7.5 | Inpost Pl — The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate bu… ● PoC | 2026-06-25 |
| CVE-2026-10531 | MEDIUM 5.4 | Ai Share & Summarize — The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attr… ● PoC | 2026-06-24 |
| CVE-2026-10735 | HIGH 7.5 | Smart Post Show Pro — Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin befor… ● PoC | 2026-06-24 |
| CVE-2026-10749 | HIGH 7.2 | Post Duplicator — The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplica… ● PoC | 2026-06-24 |
| CVE-2026-10753 | LOW 2.7 | Site Kit By Google — The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint t… ● PoC | 2026-06-24 |
| CVE-2026-9709 | HIGH 7.7 | Cornerstone — The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes… ● PoC | 2026-06-24 |
| CVE-2026-9710 | HIGH 7.7 | Cornerstone — The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview req… ● PoC | 2026-06-24 |
| CVE-2026-7842 | MEDIUM 6.8 | Infility Global — The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validat… ● PoC | 2026-06-23 |
| CVE-2026-8163 | HIGH 8.8 | Infility Global — The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters befo… ● PoC | 2026-06-23 |
| CVE-2026-8172 | HIGH 7.1 | Simple Basic Contact Form — The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before ref… ● PoC | 2026-06-23 |
| CVE-2026-8378 | MEDIUM 5.4 | Frontend File Manager Plugin — The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitt… ● PoC | 2026-06-23 |
| CVE-2026-8379 | HIGH 7.5 | Frontend File Manager Plugin — The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on th… ● PoC | 2026-06-23 |
| CVE-2026-10530 | MEDIUM 5.3 | Pie Register — The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its… ● PoC | 2026-06-22 |
| CVE-2026-4110 | MEDIUM 6.1 | Ultimate Woocommerce Auction Pro — The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter b… ● PoC | 2026-06-22 |
| CVE-2026-4259 | HIGH 7.1 | Ultimate Woocommerce Auction Pro — The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter b… ● PoC | 2026-06-22 |
| CVE-2026-6858 | HIGH 7.1 | Transbank Webpay — The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowin… ● PoC | 2026-06-22 |
| CVE-2026-7859 | MEDIUM 5.3 | Motors — The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its A… ● PoC | 2026-06-22 |
| CVE-2026-8157 | HIGH 8.8 | Vitepos — The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when crea… ● PoC | 2026-06-22 |
| CVE-2026-9822 | MEDIUM 6.5 | Wp Hotel Booking — The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX h… ● PoC | 2026-06-19 |
| CVE-2026-9815 | MEDIUM 6.5 | Magicform — The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an … ● PoC | 2026-06-18 |
| CVE-2026-7850 | MEDIUM 5.9 | Wp Magnific Popup — The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before i… ● PoC | 2026-06-17 |
| CVE-2026-8089 | HIGH 7.1 | Wemail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins For Woocommerce — The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPre… ● PoC | 2026-06-17 |
| CVE-2026-8383 | MEDIUM 5.3 | Learnpress — The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint beh… ● PoC | 2026-06-17 |
| CVE-2026-9570 | HIGH 7.1 | Taskbuilder — The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it in… ● PoC | 2026-06-17 |
| CVE-2026-8385 | MEDIUM 5.3 | Wp Go Maps — The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the ad… ● PoC | 2026-06-15 |
| CVE-2026-8386 | MEDIUM 5.3 | Wp Go Maps — The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public si… ● PoC | 2026-06-15 |
| CVE-2026-8935 | CRITICAL 9.8 | Wp Maps Pro — The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid no… ● PoC | 2026-06-15 |
| CVE-2026-9278 | MEDIUM 5.4 | Form Builder Cp — The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value befor… ● PoC | 2026-06-15 |
| CVE-2025-15546 | N/A | Iptanus File Upload — The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplica… ● PoC | 2026-06-14 |
| CVE-2026-9061 | LOW 3.5 | Store Locator Wordpress — The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storin… ● PoC | 2026-06-13 |
| CVE-2026-9062 | LOW 3.4 | Store Locator Wordpress — The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, … ● PoC | 2026-06-13 |
| CVE-2026-9269 | LOW 3.5 | Secure Copy Content Protection And Content Locking — The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and esc… ● PoC | 2026-06-12 |
| CVE-2026-9271 | MEDIUM 5.9 | Keepinmind Dashboard Notes — Vulnerability Title ● PoC | 2026-06-12 |
| CVE-2026-3326 | HIGH 8.6 | Xstore — The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a… ● PoC | 2026-06-10 |
| CVE-2026-8071 | HIGH 8.8 | Anti Spam By Cleantalk. Spam Protection — The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content wi… ● PoC | 2026-06-10 |
| CVE-2026-9060 | LOW 3.5 | Store Locator Wordpress — The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storin… ● PoC | 2026-06-10 |
| CVE-2026-9067 | CRITICAL 9.1 | Schema & Structured Data For Wp & Amp — The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its… ● PoC | 2026-06-10 |
| CVE-2026-4986 | MEDIUM 5.3 | Wpforms — The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook even… ● PoC | 2026-06-09 |
| CVE-2026-8981 | LOW 3.5 | Custom Block Builder — The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capabi… ● PoC | 2026-06-09 |
| CVE-2026-8293 | HIGH 7.5 | Really Simple Security — The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in t… ● PoC | 2026-06-02 |
| CVE-2026-7862 | HIGH 8.6 | Eupago Gateway For Woocommerce — The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refu… ● PoC | 2026-05-28 |
| CVE-2026-6268 | HIGH 7.1 | Eventpress — The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_cu… ● PoC | 2026-05-27 |
| CVE-2026-5776 | MEDIUM 6.1 | Email Encoder — The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, all… ● PoC | 2026-05-20 |
| CVE-2026-7385 | MEDIUM 5.8 | Decent Comments — The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses a… ● PoC | 2026-05-20 |
| CVE-2025-15609 | HIGH 7.5 | Fortis For Woocommerce — The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attack… ● PoC | 2026-05-19 |
| CVE-2026-1631 | MEDIUM 5.4 | Feeds For Youtube (Youtube Video, Channel, And Gallery Plugin) — The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable… ● PoC | 2026-05-18 |
| CVE-2026-3220 | HIGH 8.8 | Autoptimize — The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer … ● PoC | 2026-05-18 |
| CVE-2026-6379 | HIGH 8.6 | Wp Photo Album Plus — The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter b… ● PoC | 2026-05-18 |
| CVE-2026-6381 | HIGH 7.5 | Wp Maps — The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file pa… ● PoC | 2026-05-18 |
| CVE-2026-6495 | HIGH 7.1 | Ajax Load More — The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting i… ● PoC | 2026-05-18 |