CVE-2026-57350
— WordPress WP Debugging plugin <= 2.12.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57349
— WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.17 - Cross Site Scripting (XSS) vulner…
Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57348
— WordPress Paid Member Subscriptions plugin <= 3.0.4 - Server Side Request Forgery (SSRF) …
Unauthenticated Server Side Request Forgery (SSRF) in Paid Member Subscriptions <= 3.0.4 versions.
Remote
|
Server-Side Request Forgery
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57347
— WordPress Hotel Booking Lite plugin <= 6.0.3 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
Remote
|
Information Disclosure
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57345
— WordPress Internal Links Manager plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerabili…
Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57344
— WordPress Classified Listing plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57343
— WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-57342
— WordPress ShortPixel Adaptive Images plugin <= 3.11.3 - Cross Site Scripting (XSS) vulner…
Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-49779
— WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
Remote
|
Path Traversal
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-42382
— WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Audrey <= 1.5 versions.
Remote
|
Path Traversal
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-39448
— WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerabili…
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27436
— WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Executi…
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27433
— WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
Remote
|
Authorization
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27430
— WordPress TheFox theme <= 3.9.76 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27426
— WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scrip…
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27425
— WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulne…
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27419
— WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.
zegen
|
Remote
|
Misconfiguration
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27414
— WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.
Remote
|
Injection
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27412
— WordPress Pearl - Corporate Business theme <= 3.4.10 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
Remote
|
Path Traversal
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
CVE-2026-27408
— WordPress NativeChurch theme <= 4.8.8.2 - Reflected Cross Site Scripting (XSS) vulnerabil…
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
Remote
|
Cross-Site Scripting
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Jul 02, 2026