CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-41556
Medium

There is a Cross Site Scripting (XSS) vulnerability in ProfilePress versions <= 4.16.13 related to subscribers.

CVE-2026-40799
Medium

Versions of Simple Cloudflare Turnstile up to 1.38.0 have a vulnerability in authentication that allows unauthorized access.

CVE-2026-40796
Medium

There is a vulnerability in WPPizza versions up to 3.19.9 that allows for the exposure of subscriber sensitive data.

CVE-2026-40795
Medium

Amelia versions up to 2.2 contain a broken access control vulnerability that may allow unauthorized users to access subscriber resources.

CVE-2026-40794
Medium

Versions of myCred up to 3.0.3 have a vulnerability in access control, allowing unauthorized access to subscriber resources.

CVE-2026-40793
Medium

Versions of Groundhogg below 4.4.1 have a broken access control issue for subscribers, potentially allowing unauthorized access to data.

CVE-2026-40792
Medium

In KiviCare versions <= 4.2.1, there is a vulnerability related to Insecure Direct Object References (IDOR) for subscribers.

CVE-2026-40790
Medium

There is a vulnerability in WP SMS versions up to 7.2.1 that exposes sensitive subscriber data.

CVE-2026-40782
Medium

WPAdverts versions <= 2.3.0 have an issue with unauthenticated access that can lead to broken access control.

CVE-2026-40773
Medium

Versions of rtMedia for WordPress, BuddyPress, and bbPress up to 4.7.9 have a vulnerability in access control that may allow unauthorized subscribers to access resources.

CVE-2026-40743
Medium

Versions of Tutor LMS up to 3.9.7 have an issue with unauthenticated access that can lead to broken access control.

CVE-2026-39594
Medium

There is a broken access control issue in Ultra Addons for WPForms versions <= 1.0.11 that may allow unauthorized users to access subscriber resources.

CVE-2026-39584
Medium

RepairBuddy versions up to 4.1132 have a broken access control issue that may allow subscribers unauthorized access to resources.

CVE-2026-39540
Medium

There is a Cross Site Scripting (XSS) vulnerability in Shipment Tracker for Woocommerce versions up to 1.5.3.2 affecting subscribers.

CVE-2026-39527
Medium

WpStream versions below 4.11.2 have a vulnerability allowing subscribers to upload arbitrary files.

CVE-2026-39525
Medium

Booking Activities versions up to 1.16.48.1 have a vulnerability in access control that allows unauthorized access.

CVE-2026-39515
Medium

Versions of the engine below 1.4.107 have a broken access control issue for subscribers, which may lead to unauthorized access to resources.

CVE-2026-39491
Medium

There is a Cross Site Scripting (XSS) vulnerability for subscribers in JupiterX Core versions <= 4.14.1.

CVE-2026-39489
Medium

In Download Monitor versions <= 5.1.9, there is a vulnerability that allows unauthorized users to download arbitrary files.

CVE-2026-39468
Medium

In Meta Box, a WordPress custom fields framework, there is a vulnerability allowing arbitrary file deletion by a contributor in versions up to 5.11.1.

PreviousPage 122 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS