CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-56060
High

The Print Invoice & Delivery Notes for WooCommerce plugin version 7.1.1 and earlier allows unauthenticated attackers to access sensitive data. This vulnerability is due to missing proper authorization, enabling disclosure of confidential information without requiring login.

CVE-2026-56059
Critical

In the Travel Booking plugin version 2.2.5 and earlier, a vulnerability was found that allows a subscriber-level user to upload arbitrary files to the server. This flaw can be exploited to upload malicious software.

CVE-2026-56058
Critical

A vulnerability in the Quform plugin versions up to 2.23.0 allows a subscriber-level user to upload arbitrary files to the server. An attacker can exploit this flaw to upload a malicious file, potentially leading to full site compromise.

CVE-2026-56057
Critical

The Uncanny Automator Pro plugin version 7.3.0.6 and earlier is vulnerable to PHP Object Injection via a Subscriber role. An attacker can remotely execute arbitrary code on the server.

CVE-2026-56055
High

PHP Object Injection vulnerability in RealHomes plugin versions up to 4.5.3 allows an attacker with subscriber role to inject a malicious PHP object. This can lead to remote code execution or other unauthorized actions on the server.

CVE-2026-56048
Medium

The Payment Gateway Based Fees and Discounts for WooCommerce plugin version 3.0.0 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data or perform unauthorized operations without authentication.

CVE-2026-56047
High

The Perfmatters plugin version 2.6.3 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without authentication.

CVE-2026-56046
Medium

Cross Site Scripting (XSS) vulnerability in ListingPro plugin versions up to 2.9.11, allowing subscriber-level users to inject malicious JavaScript code.

CVE-2026-56045
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Automatic versions prior to 3.135.1.

CVE-2026-56044
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Blog2Social version 8.9.2 and earlier. The attack can be carried out without authentication, increasing the risk of exploitation.

CVE-2026-56043
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Customer Reviews for WooCommerce version 5.110.1 and earlier.

CVE-2026-56041
High

The Responsive Lightbox plugin version 2.7.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-56040
High

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Gutenverse Form plugin up to version 2.4.7.

CVE-2026-56039
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Quick Interest Slider versions up to and including 3.1.6.

CVE-2026-56038
High

Privilege escalation vulnerability in Frisbii Pay plugin for WordPress versions up to 1.8.2 allows contributors to gain unauthorized administrative access.

CVE-2026-56036
Critical

Unauthenticated SQL injection vulnerability in WordPress 결제 심플페이 plugin versions up to 5.5.6. An unauthenticated attacker can execute arbitrary SQL queries.

CVE-2026-56035
High

BitFire Security plugin version 5.0.3 and earlier contains multiple unauthenticated vulnerabilities. An attacker can remotely exploit these flaws without requiring authentication.

CVE-2026-56034
Critical

An unauthenticated SQL Injection vulnerability exists in Library Management System versions 3.5.7 and earlier. An attacker can remotely execute arbitrary SQL queries, leading to unauthorized database access.

CVE-2026-56033
Critical

A vulnerability in the Dokan Pro plugin version 5.0.4 and earlier allows an unauthenticated attacker to escalate privileges. This means a person without a valid account can gain higher privileges in the system.

CVE-2026-56032
Critical

The vulnerability in Buddyboss Platform versions up to 3.0.4 allows subscribers to perform PHP object injection. An attacker can exploit this flaw to execute arbitrary code on the server.

PreviousPage 143 of 4530Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS