CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-39481
High

Modula Image Gallery versions up to 2.14.18 are vulnerable to PHP Object Injection, which may lead to unauthorized access to the system.

CVE-2026-39480
High

Backup Migration versions up to 2.1.1 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-39478
High

Versions of Anti-Malware Security and Brute-Force Firewall up to 4.23.87 are vulnerable to PHP Object Injection by attackers.

CVE-2026-39474
High

Post Duplicator versions up to 3.0.10 are vulnerable to PHP Object Injection, which may lead to unauthorized access or data manipulation.

CVE-2026-39472
High

The WooCommerce PDF Invoices & Packing Slips plugin versions below 5.9.0 contain a PHP Object Injection vulnerability in the shop manager.

CVE-2026-39471
High

Versions of ShortPixel Image Optimizer up to 6.4.3 are vulnerable to PHP Object Injection attacks, potentially leading to unauthorized system access.

CVE-2026-39470
High

The WooCommerce Cart Abandonment Recovery plugin versions below 2.1.0 have a vulnerability that allows for shop manager privilege escalation.

CVE-2026-39463
High

There is an unauthenticated Cross Site Scripting (XSS) vulnerability in ManageWP Worker versions <= 4.9.31. An attacker can exploit this flaw to inject malicious scripts in the user's context.

CVE-2026-39450
High

There is a broken authentication issue for subscribers in FunnelKit Automations versions <= 3.7.3.

CVE-2026-39449
High

Versions of Contact Form to Any API <= 3.0.3 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.

CVE-2026-39447
High

Versions of Simply Schedule Appointments up to 1.6.10.6 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-39435
High

Versions of CformsII up to 15.1.3 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-39434
High

There is a PHP Object Injection vulnerability in the shop manager in CTX Feed versions <= 6.6.26.

CVE-2026-34902
High

The WooCommerce Product Table Lite plugin versions up to 4.6.3 contains a vulnerability to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this flaw to inject malicious JavaScript code.

CVE-2026-34900
High

Unauthenticated Cross Site Scripting (XSS) vulnerability exists in GiveWP versions <= 4.14.2. An attacker can exploit this flaw to inject malicious JavaScript code.

CVE-2026-34898
High

There is an unauthenticated broken access control in Event Tickets Manager for WooCommerce versions <= 1.5.3.

CVE-2026-34891
High

The IDPay Payment Gateway for WooCommerce versions up to 2.2.5 has a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-34886
High

Simple Membership versions up to 4.7.1 have a vulnerability in access control that allows unauthorized access.

CVE-2026-27407
High

AI Engine versions up to 3.4.9 have a vulnerability that allows for editor privilege escalation.

CVE-2026-27333
High

Paid Videochat Turnkey Site versions up to 7.3.23 are vulnerable to unauthenticated deserialization of untrusted data.

PreviousPage 140 of 3364Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS