CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
The Perfmatters plugin version 2.6.3 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without authentication.
Cross Site Scripting (XSS) vulnerability in ListingPro plugin versions up to 2.9.11, allowing subscriber-level users to inject malicious JavaScript code.
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Automatic versions prior to 3.135.1.
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Blog2Social version 8.9.2 and earlier. The attack can be carried out without authentication, increasing the risk of exploitation.
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Customer Reviews for WooCommerce version 5.110.1 and earlier.
The Responsive Lightbox plugin version 2.7.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Gutenverse Form plugin up to version 2.4.7.
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Quick Interest Slider versions up to and including 3.1.6.
Privilege escalation vulnerability in Frisbii Pay plugin for WordPress versions up to 1.8.2 allows contributors to gain unauthorized administrative access.
Unauthenticated SQL injection vulnerability in WordPress 결제 심플페이 plugin versions up to 5.5.6. An unauthenticated attacker can execute arbitrary SQL queries.
BitFire Security plugin version 5.0.3 and earlier contains multiple unauthenticated vulnerabilities. An attacker can remotely exploit these flaws without requiring authentication.
An unauthenticated SQL Injection vulnerability exists in Library Management System versions 3.5.7 and earlier. An attacker can remotely execute arbitrary SQL queries, leading to unauthorized database access.
A vulnerability in the Dokan Pro plugin version 5.0.4 and earlier allows an unauthenticated attacker to escalate privileges. This means a person without a valid account can gain higher privileges in the system.
The vulnerability in Buddyboss Platform versions up to 3.0.4 allows subscribers to perform PHP object injection. An attacker can exploit this flaw to execute arbitrary code on the server.
The vulnerability allows an unauthenticated attacker to perform PHP Object Injection in Uncanny Automator versions up to and including 7.3.1.2. This can lead to remote code execution or other dangerous operations on the server.
A vulnerability in the Paytium plugin versions up to 5.0.2 allows an unauthenticated attacker to escalate privileges. This means a person without a valid account can gain higher privileges in the system.
The CorvusPay WooCommerce Payment Gateway plugin version 2.7.4 and earlier contains a broken authentication vulnerability that can be exploited without authentication. An attacker can exploit this flaw without having an account in the system.
The Easy Elements for Elementor plugin versions 1.4.9 and earlier contain a vulnerability allowing unauthenticated privilege escalation. This flaw stems from insufficient permission checks within the plugin's functionality.
The Booster for WooCommerce plugin version 8.0.1 and earlier allows unauthorized arbitrary file upload by customers. This vulnerability can be exploited to upload malicious software to the server.
A Server Side Request Forgery (SSRF) vulnerability exists in the utm.codes plugin versions up to 1.9.0. It allows a Subscriber to send HTTP requests from the server to internal or external resources.

