Search Results (13704 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10736 2 Themeum, Wordpress 2 Tutor Lms – Elearning And Online Course Solution, Wordpress 2026-06-18 4.9 Medium
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 3.9.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-12093 2 Wordpress, Wpinsider-1 2 Wordpress, Simple Membership 2026-06-18 5.3 Medium
The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to deactivate arbitrary member accounts by forging a charge.refunded webhook event containing a victim's subscription ID, setting the target member's account_state to 'inactive' and triggering cancellation hooks, transaction-record status changes, and cancellation notification emails. This vulnerability is exploitable only on installations where no Stripe webhook signing secret has been configured, which is the default out-of-the-box state; sites that have configured the stripe-webhook-signing-secret option are routed to the properly verified HMAC path and are not affected.
CVE-2026-12102 2 Stiofansisland, Wordpress 2 Userswp – Front-end Login Form, User Registration, User Profile & Members Directory Plugin For Wp, Wordpress 2026-06-18 2.7 Low
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the 'user_id' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with editor-level access and above, to reset and permanently delete the avatar or banner image of any arbitrary user, including administrators, by clearing their avatar_thumb or banner_thumb metadata in the uwp_usermeta table.
CVE-2026-12111 2 Codepeople, Wordpress 2 Appointment Booking Calendar, Wordpress 2026-06-18 4.3 Medium
The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabc_appointments_calendar_load2() function, which is reachable via the cpabc_calendar_load2=1 query parameter in wp-admin and only checks is_admin() && current_user_can('edit_posts'), a capability available to Contributor-level users and above. This makes it possible for authenticated attackers with Contributor-level access and above to supply an arbitrary calendar ID via the id parameter and extract customer booking information, including email addresses, names, phone numbers, booking times, and comments, from any calendar managed by the plugin.
CVE-2026-10023 2 Dokaninc, Wordpress 2 Dokan: Ai Powered Woocommerce Multivendor Marketplace Solution – Build Your Own Amazon, Ebay, Etsy, Wordpress 2026-06-18 4.3 Medium
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the change_order_status, add_order_note, delete_order_note, add_shipping_tracking_info, grant_access_to_download, and revoke_access_to_download AJAX handlers due to missing ownership validation on a user-controlled order ID key. This makes it possible for authenticated attackers, with custom vendor-level access and above, to modify the status of arbitrary orders, add attacker-controlled notes to any order (including customer-facing notes that trigger WooCommerce notification emails to buyers), delete any order note or WordPress comment by ID regardless of ownership, inject fake shipping tracking information on any order, and grant or revoke downloadable-product permissions on any order in the marketplace. Critically, nonce validity is not a barrier to exploitation: each of these AJAX handlers generates and embeds its nonce on the authenticated vendor's own dashboard order pages (e.g., /dashboard/orders/?order_id=OWN_ORDER_ID), which the attacker legitimately controls. The attacker harvests a valid nonce from their own order detail page and replays it against a victim order ID — the nonce only proves the request originates from a logged-in session, not that the order belongs to that vendor. This directly rebuts the prior rejection reasoning that 'users cannot generate valid nonces on command': vendor users can and do generate valid nonces on demand simply by loading their own dashboard pages. Source-code analysis confirmed the vulnerable code path is present and unpatched through version 5.0.1.
CVE-2026-54186 2 Eyecix, Wordpress 2 Jobsearch, Wordpress 2026-06-18 9.3 Critical
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
CVE-2026-29205 2 Webpros, Wordpress 3 Cpanel, Wp Squared, Wordpress 2026-06-18 8.6 High
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.
CVE-2026-39442 2 Presslayouts, Wordpress 2 Pressmart, Wordpress 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
CVE-2026-54193 2 Themefusion, Wordpress 2 Fusion Builder, Wordpress 2026-06-17 7.7 High
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
CVE-2026-54816 2 Monetizemore, Wordpress 2 Advanced Ads, Wordpress 2026-06-17 7.5 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21.
CVE-2025-15657 2 Mojoomla, Wordpress 2 School Management, Wordpress 2026-06-17 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
CVE-2026-52716 2 Purethemes, Wordpress 2 Workscout Core, Wordpress 2026-06-17 6.5 Medium
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
CVE-2026-54818 2 Veronalabs, Wordpress 2 Slimstat Analytics, Wordpress 2026-06-17 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11.
CVE-2026-54817 2 Fluxbuilder, Wordpress 2 Mstore Api, Wordpress 2026-06-17 6.5 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4.
CVE-2024-24709 2 Shareaholic, Wordpress 2 Shareaholic, Wordpress 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2026-34888 2 Bricksforge, Wordpress 2 Bricksforge, Wordpress 2026-06-17 7.5 High
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
CVE-2026-24611 2 Wordpress, Wpmet 2 Wordpress, Metform Pro 2026-06-17 9.1 Critical
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24610 2 Wordpress, Wpmet 2 Wordpress, Metform Pro 2026-06-17 4.3 Medium
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-27410 2 Veronalabs, Wordpress 2 Slimstat Analytics, Wordpress 2026-06-17 6.5 Medium
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-39595 2 Boldgrid, Wordpress 2 W3 Total Cache, Wordpress 2026-06-17 4.7 Medium
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.