CVE-2026-8383
— LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each retur…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecti…
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-7850
— WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authentica…
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-5667
— Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability i…
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); …
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54811
— WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54807
— WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulner…
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54806
— WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54805
— WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
falang
|
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54804
— WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54803
— WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerabil…
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54802
— WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerabi…
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54196
— WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54195
— WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54194
— WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54192
— WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54189
— WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54188
— WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54187
— WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54186
— WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026