CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Versions of the Product Filter Widget for Elementor up to 1.0.6 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Versions of AutomatorWP up to 5.7.2 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is a vulnerability in EventPrime versions up to 4.3.2.1 that allows unauthenticated PHP object injection.
There is a Cross Site Scripting (XSS) vulnerability affecting subscribers in EventPrime versions <= 4.3.2.1.
Email Marketing for WooCommerce by Omnisend versions up to 1.18.0 contain a vulnerability in authentication that allows unauthorized access.
In Bookly versions up to 27.4, there is a vulnerability allowing unauthorized access to sensitive data.
The salon booking system versions up to 10.30.25 have an unauthenticated broken access control vulnerability that may allow unauthorized users to access resources.
Versions of Motive Commerce Search up to 1.38.2 contain a vulnerability in access control that allows unauthorized access to AI product search features in WooCommerce.
The WP Customer Area plugin versions up to 8.3.4 contain a Path Traversal vulnerability, which may allow unauthorized access to system files.
Versions of Classified Listing up to 5.3.8 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Versions of AutomatorWP up to 5.6.7 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Versions of Favicon Rotator up to 1.2.11 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
CloudSecure WP Security versions up to 1.4.7 contain a vulnerability that allows unauthorized session takeover.
The Simply Schedule Appointments application versions below 1.6.11.2 have a vulnerability that allows unauthorized access to sensitive data.
Versions of WP Time Slots Booking Form up to 1.2.46 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Amelia versions up to 2.2 have a vulnerability that allows unauthorized access to sensitive data.
ChatBot versions up to 7.9.7 have a vulnerability in access control that may allow unauthorized subscribers to access resources.
Versions of Quiz And Survey Master <= 11.0.0 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
AutomatorWP versions up to 5.6.7 have a vulnerability in subscriber authentication, which may lead to unauthorized access.
Versions of ReviewX <= 2.3.6 have an issue with unauthenticated broken authentication, potentially allowing attackers to access the system without proper credentials.

