CVE-2026-8494
— Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Script…
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to ins…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-8383
— LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each retur…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecti…
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-7850
— WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute
The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authentica…
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-5667
— Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability i…
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); …
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54811
— WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54807
— WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulner…
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54806
— WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54805
— WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
falang
|
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54804
— WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54803
— WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerabil…
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54802
— WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerabi…
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54196
— WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54195
— WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54194
— WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54192
— WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54189
— WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54188
— WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54187
— WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026