Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privi…
Jun 25, 2026
Jun 25, 2026
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Remote | Cross-Site Scripting
Jun 25, 2026
Jun 25, 2026
Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.
pretix | Remote | Cross-Site Scripting
Jun 25, 2026
Jun 25, 2026
CVE-2026-13223 — Insufficient validation of payment status in pretix-computop
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and suppl…
Remote | Authentication
Jun 25, 2026
Jun 25, 2026
CVE-2026-13222 — Insufficient validation of payment status in pretix-oppwa
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply i…
Remote
Jun 25, 2026
Jun 25, 2026
CVE-2026-57619 — WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerabili…
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
Jun 25, 2026
Jun 25, 2026
CVE-2026-57429 — WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability
Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.
Remote | Authorization
Jun 25, 2026
Jun 25, 2026
CVE-2026-56122 — Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths
Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences …
Remote | Path Traversal
Jun 25, 2026
Jun 25, 2026
CVE-2026-56071 — WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
Jun 25, 2026
Jun 25, 2026
CVE-2026-56054 — WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.
Remote | Path Traversal
Jun 25, 2026
Jun 25, 2026
CVE-2026-56053 — WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
Jun 25, 2026
Jun 26, 2026
CVE-2026-56051 — WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Jun 25, 2026
Jun 29, 2026
CVE-2026-56050 — WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a thr…
Jun 25, 2026
Jun 25, 2026
CVE-2026-56049 — WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Jun 25, 2026
Jun 25, 2026
CVE-2026-56042 — WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (X…
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
Jun 25, 2026
Jun 25, 2026
CVE-2026-56023 — WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Con…
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.
Remote | Authorization
Jun 25, 2026
Jun 25, 2026
CVE-2026-56014 — WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Jun 25, 2026
Jun 26, 2026
CVE-2026-56013 — WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object Refer…
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
Jun 25, 2026
Jun 29, 2026
CVE-2026-56006 — WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
h5p | Remote | Cross-Site Scripting
Jun 25, 2026
Jun 25, 2026
CVE-2026-56005 — WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Jun 25, 2026
Jun 25, 2026