CVE-2026-57338
— WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
arforms
|
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57337
— WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerabili…
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57336
— WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
jobify
|
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57335
— WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.
Remote
|
Authorization
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57334
— WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57333
— WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulner…
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57332
— WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerabi…
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57331
— WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerabi…
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
Remote
|
Path Traversal
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57330
— WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57329
— WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerab…
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57328
— WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57327
— WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MainWP <= 6.1.1 versions.
Remote
|
Authorization
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57326
— WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57320
— WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-13571
— SourceCodester Simple Food Ordering System cart.php logic error
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument item_price can lea…
Remote
|
Misconfiguration
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation …
Remote
|
Authentication
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-13676
— fast-uri vulnerable to host confusion via failed IDN canonicalization
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constru…
Remote
|
Misconfiguration
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers wit…
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-56457
— HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information
HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an attacker with access to the logs to potentially obtain…
Remote
|
Information Disclosure
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-13570
— SourceCodester Inventory Management System User Registration Endpoint users_handler.php c…
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Perform…
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
