CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-45437
High

Versions of the Product Filter Widget for Elementor up to 1.0.6 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-42775
High

Versions of AutomatorWP up to 5.7.2 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-42687
High

There is a vulnerability in EventPrime versions up to 4.3.2.1 that allows unauthenticated PHP object injection.

CVE-2026-42686
High

There is a Cross Site Scripting (XSS) vulnerability affecting subscribers in EventPrime versions <= 4.3.2.1.

CVE-2026-42668
High

Email Marketing for WooCommerce by Omnisend versions up to 1.18.0 contain a vulnerability in authentication that allows unauthorized access.

CVE-2026-42667
High

In Bookly versions up to 27.4, there is a vulnerability allowing unauthorized access to sensitive data.

CVE-2026-42666
High

The salon booking system versions up to 10.30.25 have an unauthenticated broken access control vulnerability that may allow unauthorized users to access resources.

CVE-2026-42664
High

Versions of Motive Commerce Search up to 1.38.2 contain a vulnerability in access control that allows unauthorized access to AI product search features in WooCommerce.

CVE-2026-42661
High

The WP Customer Area plugin versions up to 8.3.4 contain a Path Traversal vulnerability, which may allow unauthorized access to system files.

CVE-2026-42658
High

Versions of Classified Listing up to 5.3.8 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-42650
High

Versions of AutomatorWP up to 5.6.7 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-42649
High

Versions of Favicon Rotator up to 1.2.11 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-42411
High

CloudSecure WP Security versions up to 1.4.7 contain a vulnerability that allows unauthorized session takeover.

CVE-2026-42384
High

The Simply Schedule Appointments application versions below 1.6.11.2 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-40791
High

Versions of WP Time Slots Booking Form up to 1.2.46 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-40789
High

Amelia versions up to 2.2 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-40788
High

ChatBot versions up to 7.9.7 have a vulnerability in access control that may allow unauthorized subscribers to access resources.

CVE-2026-40787
High

Versions of Quiz And Survey Master <= 11.0.0 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-40785
High

AutomatorWP versions up to 5.6.7 have a vulnerability in subscriber authentication, which may lead to unauthorized access.

CVE-2026-40781
High

Versions of ReviewX <= 2.3.6 have an issue with unauthenticated broken authentication, potentially allowing attackers to access the system without proper credentials.

PreviousPage 135 of 3361Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS