CVE-2025-59554 — WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
Remote | Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-15657 — WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) v…
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Remote | Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied strin…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-9690 — WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
Remote | Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-9570 — Taskbuilder < 5.0.8 - Reflected XSS via Shortcode
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Re…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-8607 — myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Pr…
The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in …
mycred | Remote | Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-8494 — Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Script…
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to ins…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-8383 — LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoints behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each retur…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecti…
Remote | Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-7850 — WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authentica…
Remote | Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-5667 — Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability i…
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); …
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54811 — WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54807 — WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulner…
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Remote | Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54806 — WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54805 — WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
falang | Remote | Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54804 — WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Remote | Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54803 — WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerabil…
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Remote | Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54802 — WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerabi…
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Remote | Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54196 — WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026