CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-42663
Medium

There is an unauthenticated Cross Site Scripting (XSS) vulnerability in Simple Membership versions <= 4.7.2. An attacker can exploit this flaw to inject malicious scripts.

CVE-2026-42662
Medium

Event Tickets versions up to 5.27.5 contain a vulnerability that allows unauthenticated bypass of security measures.

CVE-2026-42660
Medium

Contest Gallery versions up to 28.1.7 have a vulnerability that allows for the exposure of subscriber sensitive data.

CVE-2026-42659
Medium

Versions of Advanced Form Integration up to 1.126.12 have a vulnerability in access control that may allow subscribers unauthorized access to resources.

CVE-2026-42657
Medium

Contest Gallery versions up to 28.1.7 contain an unauthenticated vulnerability that may be exploited by attackers.

CVE-2026-42656
Medium

There is a Cross Site Scripting (XSS) vulnerability affecting subscribers in Contest Gallery versions up to 28.1.6.

CVE-2026-42655
Medium

Unauthenticated bypass vulnerability in Best Payments plugin for WordPress versions up to 4.6.19.

CVE-2026-42651
Medium

Classified Listing versions up to 5.3.9 have a vulnerability in access control that may allow unauthorized subscribers to access resources.

CVE-2026-42640
Medium

Classified Listing versions up to 5.3.8 have a vulnerability in access control that allows unauthorized access.

CVE-2026-42378
Medium

There is a broken authentication issue in WP Full Stripe Free versions up to 8.4.1, which may lead to unauthorized access to user accounts.

CVE-2026-41556
Medium

There is a Cross Site Scripting (XSS) vulnerability in ProfilePress versions <= 4.16.13 related to subscribers.

CVE-2026-40799
Medium

Versions of Simple Cloudflare Turnstile up to 1.38.0 have a vulnerability in authentication that allows unauthorized access.

CVE-2026-40796
Medium

There is a vulnerability in WPPizza versions up to 3.19.9 that allows for the exposure of subscriber sensitive data.

CVE-2026-40795
Medium

Amelia versions up to 2.2 contain a broken access control vulnerability that may allow unauthorized users to access subscriber resources.

CVE-2026-40794
Medium

Versions of myCred up to 3.0.3 have a vulnerability in access control, allowing unauthorized access to subscriber resources.

CVE-2026-40793
Medium

Versions of Groundhogg below 4.4.1 have a broken access control issue for subscribers, potentially allowing unauthorized access to data.

CVE-2026-40792
Medium

In KiviCare versions <= 4.2.1, there is a vulnerability related to Insecure Direct Object References (IDOR) for subscribers.

CVE-2026-40790
Medium

There is a vulnerability in WP SMS versions up to 7.2.1 that exposes sensitive subscriber data.

CVE-2026-40782
Medium

WPAdverts versions <= 2.3.0 have an issue with unauthenticated access that can lead to broken access control.

CVE-2026-40773
Medium

Versions of rtMedia for WordPress, BuddyPress, and bbPress up to 4.7.9 have a vulnerability in access control that may allow unauthorized subscribers to access resources.

PreviousPage 115 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS