CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Versions of VikRentCar <= 1.4.5 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.
There is a SQL Injection vulnerability in Taskbuilder versions <= 5.0.7 that can be exploited by subscribers.
Versions of ABC Crypto Checkout up to 1.8.2 have a vulnerability that allows unauthorized access to sensitive data.
The Signature Add-On for WooCommerce versions <= 2.0 has a vulnerability that allows unauthorized access to sensitive data.
Versions of Affiliates Manager up to 2.9.50 have a vulnerability that allows unauthorized access to sensitive data.
Dokan versions up to 5.0.2 contain a vulnerability that allows customer privilege escalation.
Shared Files versions up to 1.7.64 are vulnerable to an unauthenticated Path Traversal attack, allowing an attacker to access system files.
In WooCommerce versions up to 3.1.4, there is a vulnerability of unauthenticated broken authentication in the Upsell Order Bump Offer feature.
LatePoint versions up to 5.5.1 contain a vulnerability that allows privilege escalation for contributors.
Versions of Chatway Live Chat, AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service, and Chat Buttons up to 1.4.8 have a vulnerability that allows for the exposure of subscriber sensitive data.
There is an unauthenticated vulnerability type in WP Travel Engine versions up to 6.7.10 that could be exploited by attackers.
In Knit Pay versions <= 9.4.0.0, there is an unauthenticated broken access control vulnerability that may allow unauthorized users to access resources.
Coupon Affiliates versions up to 7.8.1 have a vulnerability that allows the exposure of subscriber sensitive data.
The Conekta Payment Gateway versions up to 6.0.0 have a vulnerability that allows unauthenticated access to sensitive data.
The Hippoo mobile app for WooCommerce versions up to 1.9.5 has an issue with unauthenticated access that may lead to broken access control.
Listdom versions up to 5.5.0 contain a vulnerability that allows unauthenticated privilege escalation.
In WPC Product Options for WooCommerce versions <= 3.2.1, there is a vulnerability allowing unauthenticated arbitrary file download.
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin versions up to 4.9.4 has a vulnerability that allows unauthorized access to sensitive data.
Versions of Drag and Drop Multiple File Upload – Contact Form 7 up to 1.3.9.7 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Versions of Really Simple SSL up to 9.5.10 have a vulnerability in authentication that allows for unauthorized access.

