CVE-2026-56013
— WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object Refer…
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
Jun 25, 2026
Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
CVE-2026-56006
— WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.
h5p
|
Remote
|
Cross-Site Scripting
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-56005
— WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54849
— WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerabili…
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
Remote
|
Injection
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54848
— WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vul…
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooC…
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54845
— WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.
Jun 25, 2026
Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
CVE-2026-54844
— WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerabili…
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
Remote
|
Authorization
Jun 25, 2026
Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
CVE-2026-54843
— WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54842
— WordPress Royal MCP plugin <= 1.4.25 - Broken Access Control vulnerability
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25.
Remote
|
Authorization
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54841
— WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.
Remote
|
Information Disclosure
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54838
— WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability
Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.
Remote
|
Injection
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54836
— WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.
This issue affects YMC Filter: from n/a through 3.11.5.
Jun 25, 2026
Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
CVE-2026-54830
— WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vuln…
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
Jun 25, 2026
Jun 29, 2026
Jun 25, 2026
Jun 29, 2026
CVE-2026-54829
— WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo A…
Remote
|
Injection
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54828
— WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54823
— WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
Remote
|
Injection
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54822
— WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability
Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-54821
— WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.
Jun 25, 2026
Jun 26, 2026
Jun 25, 2026
Jun 26, 2026
CVE-2026-52690
— Spoofed answers can mark an authoritative non-EDNS capable
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
CVE-2026-4526
— Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has al…
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Jun 25, 2026