Unknown
72 CVEs

| CVE ID | Severity | Product / summary | Published |
|---|---|---|---|
| CVE-2026-10750 | HIGH 8.1 | Royal Mcp — The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP to… ● PoC | 2026-07-01 |
| CVE-2026-11562 | MEDIUM 4.3 | Ws Form Lite — The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-updat… ● PoC | 2026-07-01 |
| CVE-2026-11568 | HIGH 7.5 | Product Configurator For Woocommerce — The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or p… ● PoC | 2026-07-01 |
| CVE-2026-11570 | MEDIUM 4.2 | User Submitted Posts — The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting… ● PoC | 2026-07-01 |
| CVE-2026-11794 | HIGH 8.1 | Advanced Form Integration — Connect Forms To 200+ Apps — The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the… ● PoC | 2026-07-01 |
| CVE-2026-11880 | LOW 3.1 | Fluent Forms — The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscri… ● PoC | 2026-07-01 |
| CVE-2026-11883 | HIGH 7.2 | Webauthn Provider For Two Factor — The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-fact… ● PoC | 2026-07-01 |
| CVE-2026-11887 | MEDIUM 4.3 | Salon Booking System — The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of… ● PoC | 2026-07-01 |
| CVE-2026-11581 | MEDIUM 5.9 | Kali Forms — Contact Form & Drag And Drop Builder — The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.13 does not sanitise a form … ● PoC | 2026-06-30 |
| CVE-2026-11589 | HIGH 8.8 | Wp Support Plus Responsive Ticket System — The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploade… ● PoC | 2026-06-30 |
| CVE-2026-11590 | HIGH 8.6 | Wp Support Plus Responsive Ticket System — The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied ar… ● PoC | 2026-06-30 |
| CVE-2026-9576 | MEDIUM 4.9 | Fluent Booking — The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested group_id before e… ● PoC | 2026-06-30 |
| CVE-2026-10083 | HIGH 7.5 | Apcu Manager — The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in… ● PoC | 2026-06-29 |
| CVE-2026-9676 | MEDIUM 4.3 | F4 Post Tree — The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification o… ● PoC | 2026-06-29 |
| CVE-2026-10820 | HIGH 8.1 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content — The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Wo… ● PoC | 2026-06-27 |
| CVE-2026-9677 | MEDIUM 4.8 | Shariff For Wordpress — The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_… ● PoC | 2026-06-27 |
| CVE-2026-10823 | HIGH 7.5 | Ymc Filter — The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoi… ● PoC | 2026-06-26 |
| CVE-2026-10835 | HIGH 7.7 | Salesmanago & Leadoo — The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter pass… ● PoC | 2026-06-26 |
| CVE-2026-8380 | MEDIUM 6.5 | Frontend File Manager Plugin — The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every tar… ● PoC | 2026-06-26 |
| CVE-2025-10268 | MEDIUM 5.3 | Printcart Web To Print Product Designer For Woocommerce — The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to pa… ● PoC | 2026-06-26 |
| CVE-2026-10824 | MEDIUM 6.5 | Masteriyo Lms — The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress RE… ● PoC | 2026-06-25 |
| CVE-2026-5305 | HIGH 8.8 | Email Address Encoder — The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12… ● PoC | 2026-06-25 |
| CVE-2026-9702 | HIGH 7.5 | Inpost Pl — The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate bu… ● PoC | 2026-06-25 |
| CVE-2026-10531 | MEDIUM 5.4 | Ai Share & Summarize — The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attr… ● PoC | 2026-06-24 |
| CVE-2026-10735 | HIGH 7.5 | Smart Post Show Pro — Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin befor… ● PoC | 2026-06-24 |
| CVE-2026-10749 | HIGH 7.2 | Post Duplicator — The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplica… ● PoC | 2026-06-24 |
| CVE-2026-10753 | LOW 2.7 | Site Kit By Google — The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint t… ● PoC | 2026-06-24 |
| CVE-2026-9709 | HIGH 7.7 | Cornerstone — The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes… ● PoC | 2026-06-24 |
| CVE-2026-9710 | HIGH 7.7 | Cornerstone — The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview req… ● PoC | 2026-06-24 |
| CVE-2026-7842 | MEDIUM 6.8 | Infility Global — The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validat… ● PoC | 2026-06-23 |
| CVE-2026-8163 | HIGH 8.8 | Infility Global — The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters befo… ● PoC | 2026-06-23 |
| CVE-2026-8172 | HIGH 7.1 | Simple Basic Contact Form — The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before ref… ● PoC | 2026-06-23 |
| CVE-2026-8378 | MEDIUM 5.4 | Frontend File Manager Plugin — The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitt… ● PoC | 2026-06-23 |
| CVE-2026-8379 | HIGH 7.5 | Frontend File Manager Plugin — The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce check on th… ● PoC | 2026-06-23 |
| CVE-2026-10530 | MEDIUM 5.3 | Pie Register — The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its… ● PoC | 2026-06-22 |
| CVE-2026-4110 | MEDIUM 6.1 | Ultimate Woocommerce Auction Pro — The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter b… ● PoC | 2026-06-22 |
| CVE-2026-4259 | HIGH 7.1 | Ultimate Woocommerce Auction Pro — The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter b… ● PoC | 2026-06-22 |
| CVE-2026-6858 | HIGH 7.1 | Transbank Webpay — The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowin… ● PoC | 2026-06-22 |
| CVE-2026-7859 | MEDIUM 5.3 | Motors — The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its A… ● PoC | 2026-06-22 |
| CVE-2026-8157 | HIGH 8.8 | Vitepos — The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when crea… ● PoC | 2026-06-22 |
| CVE-2026-9822 | MEDIUM 6.5 | Wp Hotel Booking — The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX h… ● PoC | 2026-06-19 |
| CVE-2026-9815 | MEDIUM 6.5 | Magicform — The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an … ● PoC | 2026-06-18 |
| CVE-2026-7850 | MEDIUM 5.9 | Wp Magnific Popup — The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before i… ● PoC | 2026-06-17 |
| CVE-2026-8089 | HIGH 7.1 | Wemail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins For Woocommerce — The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPre… ● PoC | 2026-06-17 |
| CVE-2026-8383 | MEDIUM 5.3 | Learnpress — The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint beh… ● PoC | 2026-06-17 |
| CVE-2026-9570 | HIGH 7.1 | Taskbuilder — The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it in… ● PoC | 2026-06-17 |
| CVE-2026-8385 | MEDIUM 5.3 | Wp Go Maps — The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the ad… ● PoC | 2026-06-15 |
| CVE-2026-8386 | MEDIUM 5.3 | Wp Go Maps — The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public si… ● PoC | 2026-06-15 |
| CVE-2026-8935 | CRITICAL 9.8 | Wp Maps Pro — The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid no… ● PoC | 2026-06-15 |
| CVE-2026-9278 | MEDIUM 5.4 | Form Builder Cp — The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value befor… ● PoC | 2026-06-15 |
| CVE-2025-15546 | N/A | Iptanus File Upload — The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplica… ● PoC | 2026-06-14 |
| CVE-2026-9061 | LOW 3.5 | Store Locator Wordpress — The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storin… ● PoC | 2026-06-13 |
| CVE-2026-9062 | LOW 3.4 | Store Locator Wordpress — The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, … ● PoC | 2026-06-13 |
| CVE-2026-9269 | LOW 3.5 | Secure Copy Content Protection And Content Locking — The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and esc… ● PoC | 2026-06-12 |
| CVE-2026-9271 | MEDIUM 5.9 | Keepinmind Dashboard Notes — Vulnerability Title ● PoC | 2026-06-12 |
| CVE-2026-3326 | HIGH 8.6 | Xstore — The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a… ● PoC | 2026-06-10 |
| CVE-2026-8071 | HIGH 8.8 | Anti Spam By Cleantalk. Spam Protection — The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content wi… ● PoC | 2026-06-10 |
| CVE-2026-9060 | LOW 3.5 | Store Locator Wordpress — The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storin… ● PoC | 2026-06-10 |
| CVE-2026-9067 | CRITICAL 9.1 | Schema & Structured Data For Wp & Amp — The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its… ● PoC | 2026-06-10 |
| CVE-2026-4986 | MEDIUM 5.3 | Wpforms — The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook even… ● PoC | 2026-06-09 |
| CVE-2026-8981 | LOW 3.5 | Custom Block Builder — The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capabi… ● PoC | 2026-06-09 |
| CVE-2026-8293 | HIGH 7.5 | Really Simple Security — The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in t… ● PoC | 2026-06-02 |
| CVE-2026-7862 | HIGH 8.6 | Eupago Gateway For Woocommerce — The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refu… ● PoC | 2026-05-28 |
| CVE-2026-6268 | HIGH 7.1 | Eventpress — The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_cu… ● PoC | 2026-05-27 |
| CVE-2026-5776 | MEDIUM 6.1 | Email Encoder — The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, all… ● PoC | 2026-05-20 |
| CVE-2026-7385 | MEDIUM 5.8 | Decent Comments — The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses a… ● PoC | 2026-05-20 |
| CVE-2025-15609 | HIGH 7.5 | Fortis For Woocommerce — The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attack… ● PoC | 2026-05-19 |
| CVE-2026-1631 | MEDIUM 5.4 | Feeds For Youtube (Youtube Video, Channel, And Gallery Plugin) — The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable… ● PoC | 2026-05-18 |
| CVE-2026-3220 | HIGH 8.8 | Autoptimize — The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer … ● PoC | 2026-05-18 |
| CVE-2026-6379 | HIGH 8.6 | Wp Photo Album Plus — The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter b… ● PoC | 2026-05-18 |
| CVE-2026-6381 | HIGH 7.5 | Wp Maps — The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file pa… ● PoC | 2026-05-18 |
| CVE-2026-6495 | HIGH 7.1 | Ajax Load More — The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting i… ● PoC | 2026-05-18 |