CVE-2026-57355
— WordPress Classified Listing plugin <= 5.4.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Classified Listing <= 5.4.2 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57354
— WordPress JetReviews plugin <= 3.0.0.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57353
— WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in Link Whisper Premium <= 2.9.0 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57352
— WordPress ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 2.2…
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions.
Remote
|
Authentication
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57351
— WordPress HandL UTM Grabber plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57350
— WordPress WP Debugging plugin <= 2.12.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57349
— WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.17 - Cross Site Scripting (XSS) vulner…
Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57348
— WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) …
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
Remote
|
Server-Side Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57347
— WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
Remote
|
Information Disclosure
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57345
— WordPress Internal Links Manager plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerabili…
Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57344
— WordPress Classified Listing plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57343
— WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57342
— WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulner…
Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-49779
— WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
Remote
|
Path Traversal
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-42382
— WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.
Remote
|
Path Traversal
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-39448
— WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerabili…
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27436
— WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Executi…
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27433
— WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27430
— WordPress TheFox theme <= 3.9.76 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27426
— WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scrip…
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026