CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
There is an unauthenticated Cross Site Scripting (XSS) vulnerability in Simple Membership versions <= 4.7.2. An attacker can exploit this flaw to inject malicious scripts.
Event Tickets versions up to 5.27.5 contain a vulnerability that allows unauthenticated bypass of security measures.
Contest Gallery versions up to 28.1.7 have a vulnerability that allows for the exposure of subscriber sensitive data.
Versions of Advanced Form Integration up to 1.126.12 have a vulnerability in access control that may allow subscribers unauthorized access to resources.
Contest Gallery versions up to 28.1.7 contain an unauthenticated vulnerability that may be exploited by attackers.
There is a Cross Site Scripting (XSS) vulnerability affecting subscribers in Contest Gallery versions up to 28.1.6.
Unauthenticated bypass vulnerability in Best Payments plugin for WordPress versions up to 4.6.19.
Classified Listing versions up to 5.3.9 have a vulnerability in access control that may allow unauthorized subscribers to access resources.
Classified Listing versions up to 5.3.8 have a vulnerability in access control that allows unauthorized access.
There is a broken authentication issue in WP Full Stripe Free versions up to 8.4.1, which may lead to unauthorized access to user accounts.
There is a Cross Site Scripting (XSS) vulnerability in ProfilePress versions <= 4.16.13 related to subscribers.
Versions of Simple Cloudflare Turnstile up to 1.38.0 have a vulnerability in authentication that allows unauthorized access.
There is a vulnerability in WPPizza versions up to 3.19.9 that allows for the exposure of subscriber sensitive data.
Amelia versions up to 2.2 contain a broken access control vulnerability that may allow unauthorized users to access subscriber resources.
Versions of myCred up to 3.0.3 have a vulnerability in access control, allowing unauthorized access to subscriber resources.
Versions of Groundhogg below 4.4.1 have a broken access control issue for subscribers, potentially allowing unauthorized access to data.
In KiviCare versions <= 4.2.1, there is a vulnerability related to Insecure Direct Object References (IDOR) for subscribers.
There is a vulnerability in WP SMS versions up to 7.2.1 that exposes sensitive subscriber data.
WPAdverts versions <= 2.3.0 have an issue with unauthenticated access that can lead to broken access control.
Versions of rtMedia for WordPress, BuddyPress, and bbPress up to 4.7.9 have a vulnerability in access control that may allow unauthorized subscribers to access resources.

