Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS.
This issue affects Web A…
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-58653
— PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update
PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspac…
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-58652
— luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter
luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the trav…
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57766
— WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery…
Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.
wpide
|
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57765
— WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57764
— WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (X…
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57763
— WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57762
— WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability
Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57761
— WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57760
— WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Sendcloud Shipping: from n/a through 1…
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57759
— WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57758
— WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulner…
Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions.
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57757
— WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerabil…
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57756
— WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57755
— WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting …
Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57754
— WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scriptin…
Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57753
— WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Expo…
Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.
Remote
|
Information Disclosure
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57752
— WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability
Contributor SQL Injection in iNET Webkit 1.2.4 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57751
— WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulne…
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.
Remote
|
Cross-Site Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57750
— WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerabi…
Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026