Search Results (13797 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-12165 2 Contest-gallery, Wordpress 2 Contest Gallery – Upload & Vote Photos, Media, Sell With Paypal & Stripe, Wordpress 2026-06-17 8.8 High
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the `RegistryUserRole` parameter. This is due to the plugin's admin menu being registered at the `edit_posts` capability level — granting Contributor-level users access to the plugin's admin pages and a valid `cg_admin` nonce — while the option-saving handler in `change-options-and-sizes.php` performs no `current_user_can()` capability check beyond `check_admin_referer('cg_admin')`, and the `RegistryUserRole` value is processed only through `sanitize_text_field()` and `htmlentities()` without restriction to an allowlist of permitted role names. This makes it possible for authenticated attackers, with author-level access and above, to overwrite the plugin's stored `RegistryUserRole` option with `administrator`, which the `cg_create_wp_user_from_google_user` function then reads back from the `contest_gal1ery_registry_and_login_options` database table without any allowlist validation and passes directly to `wp_update_user()`, effectively promoting a newly registered Google sign-in account to Administrator.
CVE-2026-40754 2 Elated-themes, Wordpress 2 Roisin, Wordpress 2026-06-17 8.1 High
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
CVE-2026-12360 2 Crocoblock, Wordpress 2 Jetengine, Wordpress 2026-06-17 7.5 High
The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However, meta_query row values within filtered_query are not sanitized before being merged into SQL construction. This makes it possible for unauthenticated attackers to perform time-based or boolean blind SQL injection by appending a malicious meta_query value to a Load More AJAX request captured from any public Listing Grid page.
CVE-2026-48869 2 Kriesi, Wordpress 2 Enfold, Wordpress 2026-06-17 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
CVE-2026-9062 2 Store Locator Wordpress, Wordpress 2 Store Locator Wordpress, Wordpress 2026-06-17 3.4 Low
The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from the server, including configuration files that contain database credentials and authentication keys.
CVE-2026-39481 2 Wordpress, Wpchill 2 Wordpress, Modula Image Gallery 2026-06-16 7.2 High
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
CVE-2026-39449 2 Itpathsolutions, Wordpress 2 Contact Form To Any Api, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
CVE-2026-34892 2 Rank Math Seo, Wordpress 2 Rank Math Seo, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
CVE-2026-39435 2 Bgermann, Wordpress 2 Cformsii, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
CVE-2026-39463 2 Managewp, Wordpress 2 Managewp Worker, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
CVE-2026-39474 2 Metaphorcreations, Wordpress 2 Post Duplicator, Wordpress 2026-06-16 8.8 High
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
CVE-2026-39584 2 Webful Creations, Wordpress 2 Repairbuddy, Wordpress 2026-06-16 6.5 Medium
Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.
CVE-2026-40770 2 Relywp, Wordpress 2 Coupon Affiliates, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
CVE-2026-42663 2 Wordpress, Wp.insider 2 Wordpress, Simple Membership 2026-06-16 6.5 Medium
Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
CVE-2026-48867 2 Expresstech, Wordpress 2 Quiz And Survey Master, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
CVE-2026-52712 2 Tnomi, Wordpress 2 Attendance Manager, Wordpress 2026-06-16 7.6 High
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
CVE-2026-54198 2 Davidlingren, Wordpress 2 Media Library Assistant, Wordpress 2026-06-16 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
CVE-2026-2381 2 Woocommerce, Wordpress 2 Stripe Payment Gateway, Wordpress 2026-06-16 6.5 Medium
The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or order_key verification when processing payment for an order via the `wc_stripe_pay_for_order` WC-AJAX endpoint. The function only validates a nonce (which is publicly available on any WooCommerce page where Express Checkout is enabled), but does not verify that the requesting user owns the target order and is allowed to modify it. This makes it possible for unauthenticated attackers to force any pending order into a failed status by providing a fake payment method, causing a payment exception that updates the order status to "failed" via sequential order ID enumeration.
CVE-2026-5149 2 Rometheme, Wordpress 2 Rtmkit, Wordpress 2026-06-16 6.5 Medium
The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it possible for authenticated attackers, with Contributor-level access and above, to view arbitrary form submissions from other users by iterating the entries_id parameter.
CVE-2026-39499 2 Wombat Plugins, Wordpress 2 Advanced Product Fields Product Addons For Woocommerce, Wordpress 2026-06-16 7.2 High
Shop manager PHP Object Injection in Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.19 versions.