| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-52697 | Hig | 0.55 | 8.5 | 0.00 | Jun 15, 2026 | Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions. | ||
| CVE-2026-52695 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions. | ||
| CVE-2026-52694 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions. | ||
| CVE-2026-52693 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions. | ||
| CVE-2026-52692 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions. | ||
| CVE-2026-49781 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. | ||
| CVE-2026-49780 | Hig | 0.50 | 8.8 | 0.00 | Jun 15, 2026 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. | ||
| CVE-2026-49776 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | ||
| CVE-2026-49775 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | ||
| CVE-2026-49773 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions. | ||
| CVE-2026-49770 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | ||
| CVE-2026-49769 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions. | ||
| CVE-2026-49768 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions. | ||
| CVE-2026-49766 | Cri | 0.64 | 9.9 | 0.01 | Jun 15, 2026 | Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||
| CVE-2026-49765 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions. | ||
| CVE-2026-49764 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions. | ||
| CVE-2026-49763 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | ||
| CVE-2026-49112 | Hig | 0.42 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. | ||
| CVE-2026-49110 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions. | ||
| CVE-2026-49109 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | ||
| CVE-2026-49106 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. | ||
| CVE-2026-49105 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | ||
| CVE-2026-49104 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. | ||
| CVE-2026-49085 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | ||
| CVE-2026-49083 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. | ||
| CVE-2026-49082 | Hig | 0.48 | 7.4 | 0.00 | Jun 15, 2026 | Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions. | ||
| CVE-2026-49078 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions. | ||
| CVE-2026-49070 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions. | ||
| CVE-2026-49068 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. | ||
| CVE-2026-49067 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. | ||
| CVE-2026-49066 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions. | ||
| CVE-2026-49065 | Hig | 0.53 | 8.2 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | ||
| CVE-2026-49063 | Hig | 0.47 | 7.3 | 0.00 | Jun 15, 2026 | Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. | ||
| CVE-2026-49061 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions. | ||
| CVE-2026-49056 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions. | ||
| CVE-2026-49055 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions. | ||
| CVE-2026-49043 | Med | 0.24 | 4.7 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions. | ||
| CVE-2026-48970 | Hig | 0.53 | 8.1 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | ||
| CVE-2026-48966 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. | ||
| CVE-2026-48965 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions. | ||
| CVE-2026-48964 | Hig | 0.55 | 8.5 | 0.00 | Jun 15, 2026 | Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | ||
| CVE-2026-48889 | Hig | 0.57 | 8.8 | 0.00 | Jun 15, 2026 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. | ||
| CVE-2026-48887 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions. | ||
| CVE-2026-48886 | Cri | 0.60 | 9.3 | 0.00 | Jun 15, 2026 | Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions. | ||
| CVE-2026-48885 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions. | ||
| CVE-2026-48883 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions. | ||
| CVE-2026-48882 | Hig | 0.55 | 8.5 | 0.00 | Jun 15, 2026 | Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. | ||
| CVE-2026-48881 | Cri | 0.59 | 9.1 | 0.00 | Jun 15, 2026 | Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | ||
| CVE-2026-48880 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions. | ||
| CVE-2026-48878 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions. |
- risk 0.55cvss 8.5epss 0.00
Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.
- risk 0.50cvss 8.8epss 0.00
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
- risk 0.42cvss 6.5epss 0.00
Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.
- risk 0.64cvss 9.9epss 0.01
Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.
- risk 0.42cvss 7.5epss 0.00
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.
- risk 0.64cvss 9.8epss 0.00
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
- risk 0.49cvss 7.5epss 0.00
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
- risk 0.48cvss 7.4epss 0.00
Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
- risk 0.49cvss 7.5epss 0.00
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
- risk 0.53cvss 8.2epss 0.00
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
- risk 0.47cvss 7.3epss 0.00
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.
- risk 0.24cvss 4.7epss 0.00
Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.
- risk 0.53cvss 8.1epss 0.00
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.
- risk 0.55cvss 8.5epss 0.00
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
- risk 0.57cvss 8.8epss 0.00
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
- risk 0.42cvss 6.5epss 0.00
Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
- risk 0.60cvss 9.3epss 0.00
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
- risk 0.46cvss 7.1epss 0.00
Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
- risk 0.49cvss 7.5epss 0.00
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.
- risk 0.55cvss 8.5epss 0.00
Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.
- risk 0.59cvss 9.1epss 0.00
Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.
- risk 0.42cvss 6.5epss 0.00
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.