CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Modula Image Gallery versions up to 2.14.18 are vulnerable to PHP Object Injection, which may lead to unauthorized access to the system.
Backup Migration versions up to 2.1.1 have a vulnerability that allows unauthorized access to sensitive data.
Versions of Anti-Malware Security and Brute-Force Firewall up to 4.23.87 are vulnerable to PHP Object Injection by attackers.
Post Duplicator versions up to 3.0.10 are vulnerable to PHP Object Injection, which may lead to unauthorized access or data manipulation.
The WooCommerce PDF Invoices & Packing Slips plugin versions below 5.9.0 contain a PHP Object Injection vulnerability in the shop manager.
Versions of ShortPixel Image Optimizer up to 6.4.3 are vulnerable to PHP Object Injection attacks, potentially leading to unauthorized system access.
The WooCommerce Cart Abandonment Recovery plugin versions below 2.1.0 have a vulnerability that allows for shop manager privilege escalation.
There is an unauthenticated Cross Site Scripting (XSS) vulnerability in ManageWP Worker versions <= 4.9.31. An attacker can exploit this flaw to inject malicious scripts in the user's context.
There is a broken authentication issue for subscribers in FunnelKit Automations versions <= 3.7.3.
Versions of Contact Form to Any API <= 3.0.3 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts.
Versions of Simply Schedule Appointments up to 1.6.10.6 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
Versions of CformsII up to 15.1.3 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
There is a PHP Object Injection vulnerability in the shop manager in CTX Feed versions <= 6.6.26.
The WooCommerce Product Table Lite plugin versions up to 4.6.3 contains a vulnerability to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this flaw to inject malicious JavaScript code.
Unauthenticated Cross Site Scripting (XSS) vulnerability exists in GiveWP versions <= 4.14.2. An attacker can exploit this flaw to inject malicious JavaScript code.
There is an unauthenticated broken access control in Event Tickets Manager for WooCommerce versions <= 1.5.3.
The IDPay Payment Gateway for WooCommerce versions up to 2.2.5 has a vulnerability that allows unauthorized access to sensitive data.
Simple Membership versions up to 4.7.1 have a vulnerability in access control that allows unauthorized access.
AI Engine versions up to 3.4.9 have a vulnerability that allows for editor privilege escalation.
Paid Videochat Turnkey Site versions up to 7.3.23 are vulnerable to unauthenticated deserialization of untrusted data.

