CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-56067
Critical

The JetSmartFilters plugin versions up to 3.8.3 contain an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows executing arbitrary SQL queries on the database.

CVE-2026-56066
Medium

The ShortPixel Adaptive Images plugin versions up to 3.11.4 contain a vulnerability allowing an unauthenticated attacker to delete arbitrary files on the server. The flaw is due to missing proper authorization and input validation.

CVE-2026-56064
High

SQL Injection vulnerability in Tourfic plugin up to version 2.22.5 allows a subscriber to inject malicious SQL code into database queries.

CVE-2026-56063
High

The vulnerability in the MailChimp Block plugin versions up to 1.1.15 allows unauthenticated attackers to bypass access controls. This can lead to unauthorized access to functions or data.

CVE-2026-56062
Critical

Unauthenticated SQL injection vulnerability in Quotes llama plugin versions up to 3.1.5. An attacker without authentication can execute arbitrary SQL queries.

CVE-2026-56061
High

The Subscriptions for WooCommerce plugin version 1.9.5 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized operations on subscriptions without requiring authentication.

CVE-2026-56060
High

The Print Invoice & Delivery Notes for WooCommerce plugin version 7.1.1 and earlier allows unauthenticated attackers to access sensitive data. This vulnerability is due to missing proper authorization, enabling disclosure of confidential information without requiring login.

CVE-2026-56059
Critical

In the Travel Booking plugin version 2.2.5 and earlier, a vulnerability was found that allows a subscriber-level user to upload arbitrary files to the server. This flaw can be exploited to upload malicious software.

CVE-2026-56058
Critical

A vulnerability in the Quform plugin versions up to 2.23.0 allows a subscriber-level user to upload arbitrary files to the server. An attacker can exploit this flaw to upload a malicious file, potentially leading to full site compromise.

CVE-2026-56057
Critical

The Uncanny Automator Pro plugin version 7.3.0.6 and earlier is vulnerable to PHP Object Injection via a Subscriber role. An attacker can remotely execute arbitrary code on the server.

CVE-2026-56055
High

PHP Object Injection vulnerability in RealHomes plugin versions up to 4.5.3 allows an attacker with subscriber role to inject a malicious PHP object. This can lead to remote code execution or other unauthorized actions on the server.

CVE-2026-56048
Medium

The Payment Gateway Based Fees and Discounts for WooCommerce plugin version 3.0.0 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data or perform unauthorized operations without authentication.

CVE-2026-56047
High

The Perfmatters plugin version 2.6.3 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without authentication.

CVE-2026-56046
Medium

Cross Site Scripting (XSS) vulnerability in ListingPro plugin versions up to 2.9.11, allowing subscriber-level users to inject malicious JavaScript code.

CVE-2026-56045
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Automatic versions prior to 3.135.1.

CVE-2026-56044
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Blog2Social version 8.9.2 and earlier. The attack can be carried out without authentication, increasing the risk of exploitation.

CVE-2026-56043
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Customer Reviews for WooCommerce version 5.110.1 and earlier.

CVE-2026-56041
High

The Responsive Lightbox plugin version 2.7.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-56040
High

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Gutenverse Form plugin up to version 2.4.7.

CVE-2026-56039
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Quick Interest Slider versions up to and including 3.1.6.

PreviousPage 158 of 4553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS