CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-57319
High

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in FOX versions 1.4.8 and earlier. It allows a remote attacker to inject malicious script without authentication.

CVE-2026-57318
Medium

The Site Reviews plugin version 8.0.11 and earlier allows sensitive subscriber data exposure. This vulnerability enables unauthorized users to access information that should be protected.

CVE-2026-57317
High

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Simply Schedule Appointments plugin versions up to and including 1.6.12.2.

CVE-2026-57316
Medium

The vulnerability in GetGenie plugin versions up to 4.4.2 allows exposure of sensitive subscriber data. An attacker can access information that should be protected.

CVE-2026-57315
High

The vulnerability allows remote code execution (RCE) in the Blocksy Companion Pro plugin up to version 2.1.45. An attacker can exploit this flaw to take control of the server.

CVE-2026-57314
High

SureCart plugin version 4.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-57313
Medium

Cross Site Scripting (XSS) vulnerability in SureCart plugin versions up to 4.2.2, allowing a subscriber-level user to inject malicious script.

CVE-2026-57312
High

Unauthenticated Cross Site Scripting (XSS) vulnerability in Everest Forms versions up to 3.4.8.

CVE-2026-56773
High

The Teable v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints such as GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.

CVE-2026-56072
High

Unauthenticated Cross Site Scripting (XSS) vulnerability in WoodMart versions up to 8.5.3 allows an attacker to execute malicious scripts without authentication.

CVE-2026-56070
Critical

The Advance Product Search plugin version 1.4.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can send specially crafted queries to execute arbitrary SQL commands on the database.

CVE-2026-56069
High

An IDOR vulnerability in Toolset Forms versions up to 2.6.24 allows an unauthenticated attacker to access unauthorized data by manipulating object identifiers.

CVE-2026-56068
Critical

The JetEngine plugin for WordPress versions 3.8.10.2 and earlier contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. This vulnerability allows unauthorized database queries to be executed.

CVE-2026-56067
Critical

The JetSmartFilters plugin versions up to 3.8.3 contain an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows executing arbitrary SQL queries on the database.

CVE-2026-56066
Medium

The ShortPixel Adaptive Images plugin versions up to 3.11.4 contain a vulnerability allowing an unauthenticated attacker to delete arbitrary files on the server. The flaw is due to missing proper authorization and input validation.

CVE-2026-56064
High

SQL Injection vulnerability in Tourfic plugin up to version 2.22.5 allows a subscriber to inject malicious SQL code into database queries.

CVE-2026-56063
High

The vulnerability in the MailChimp Block plugin versions up to 1.1.15 allows unauthenticated attackers to bypass access controls. This can lead to unauthorized access to functions or data.

CVE-2026-56062
Critical

Unauthenticated SQL injection vulnerability in Quotes llama plugin versions up to 3.1.5. An attacker without authentication can execute arbitrary SQL queries.

CVE-2026-56061
High

The Subscriptions for WooCommerce plugin version 1.9.5 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized operations on subscriptions without requiring authentication.

CVE-2026-56060
High

The Print Invoice & Delivery Notes for WooCommerce plugin version 7.1.1 and earlier allows unauthenticated attackers to access sensitive data. This vulnerability is due to missing proper authorization, enabling disclosure of confidential information without requiring login.

PreviousPage 165 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS