CVE-2026-57340
— WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
Remote
|
Authorization
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57339
— WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.
Remote
|
Authorization
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57338
— WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
arforms
|
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57337
— WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerabili…
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57336
— WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
jobify
|
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57335
— WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability
Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.
Remote
|
Authorization
Jun 29, 2026
Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
CVE-2026-57334
— WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57333
— WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulner…
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57332
— WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerabi…
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57331
— WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerabi…
Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions.
Remote
|
Path Traversal
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57330
— WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57329
— WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerab…
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jul 01, 2026
Jun 29, 2026
Jul 01, 2026
CVE-2026-57328
— WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57327
— WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MainWP <= 6.1.1 versions.
mainwp
|
Remote
|
Authorization
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57326
— WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.
Remote
|
Cross-Site Scripting
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-57320
— WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-56124
— phpUploader < 2.0.2 Unauthenticated Database Exposure via index model
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any…
Remote
|
Information Disclosure
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
Jun 29, 2026
CVE-2026-55844
— Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possi…
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores the SSID allowlist for internal networks. The app us…
Jun 29, 2026
Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
CVE-2026-55607
— Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execu…
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, …
Jun 29, 2026
Jun 30, 2026
Jun 29, 2026
Jun 30, 2026
CVE-2026-49049
— Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
helix3
|
Remote
|
Authorization
Jun 29, 2026
Jun 30, 2026
Jun 29, 2026
Jun 30, 2026