CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-57525
Unknown

CVE-2026-57525 has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.

CVE-2026-57523
Unknown

This CVE has been rejected or withdrawn by its CVE Numbering Authority. It contains no vulnerability information.

CVE-2026-57341
Medium

The Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin version 2.9.0 and below contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker without authentication to access sensitive data or operations by manipulating object identifiers.

CVE-2026-57340
Medium

The Japanized For WooCommerce plugin version 2.9.12 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.

CVE-2026-57339
Medium

The Business Directory plugin version 6.4.23 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.

CVE-2026-57338
High

The ARForms plugin version 7.1.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57337
High

The Landing Page Builder plugin version 1.5.3.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows an attacker to inject malicious script without requiring authentication.

CVE-2026-57336
High

The Jobify plugin version 4.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57335
Medium

The Ads by WPQuads plugin version 3.0.3 and earlier contains a broken access control vulnerability exploitable by subscribers. This allows a subscriber-level user to gain unauthorized access to advertising features.

CVE-2026-57334
Medium

The WP User Frontend plugin versions up to 4.3.7 contain a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to functions intended for authenticated users.

CVE-2026-57333
High

The Link Whisper Free plugin version 0.9.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57332
High

The Wallet System for WooCommerce plugin version 2.7.6 and earlier contains a broken access control vulnerability for subscribers. This allows users with the subscriber role to perform operations they should not be authorized for.

CVE-2026-57331
Critical

The Performer Arbitrary File Deletion vulnerability in Paid Videochat Turnkey Site versions up to 7.4.8 allows an attacker to delete arbitrary files on the server. This flaw can be exploited to remove critical system or application files.

CVE-2026-57330
Medium

A Cross Site Scripting (XSS) vulnerability in MasterStudy LMS plugin version 3.7.27 and earlier allows an attacker with subscriber role to inject malicious script. This can lead to session theft or redirection to a malicious site.

CVE-2026-57329
Medium

The WooCommerce Designer Pro plugin version 1.9.34 and earlier contains a Cross Site Scripting (XSS) vulnerability exploitable by subscribers. It allows an attacker with subscriber role to inject malicious JavaScript code into the page.

CVE-2026-57328
Medium

The Business Directory plugin version 6.4.22 and earlier is vulnerable to Cross Site Scripting (XSS) from a subscriber level. An authenticated subscriber can inject malicious JavaScript code.

CVE-2026-57327
Medium

The MainWP plugin for WordPress versions 6.1.1 and earlier contains a broken access control vulnerability exploitable by subscribers. A user with the subscriber role can gain unauthorized access to functions intended for administrators.

CVE-2026-57326
Medium

The Business Directory plugin version 6.4.22 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-57320
High

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in BEAR versions 1.1.8 and earlier. It allows a remote attacker to inject malicious JavaScript code into the page without requiring authentication.

CVE-2026-56290
CriticalActively exploitedEPSS 50%

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full remote code execution (RCE).

PreviousPage 124 of 4541Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS