CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
A vulnerability in the Paytium plugin versions up to 5.0.2 allows an unauthenticated attacker to escalate privileges. This means a person without a valid account can gain higher privileges in the system.
The CorvusPay WooCommerce Payment Gateway plugin version 2.7.4 and earlier contains a broken authentication vulnerability that can be exploited without authentication. An attacker can exploit this flaw without having an account in the system.
The Easy Elements for Elementor plugin versions 1.4.9 and earlier contain a vulnerability allowing unauthenticated privilege escalation. This flaw stems from insufficient permission checks within the plugin's functionality.
The Booster for WooCommerce plugin version 8.0.1 and earlier allows unauthorized arbitrary file upload by customers. This vulnerability can be exploited to upload malicious software to the server.
A Server Side Request Forgery (SSRF) vulnerability exists in the utm.codes plugin versions up to 1.9.0. It allows a Subscriber to send HTTP requests from the server to internal or external resources.
The Paymob for WooCommerce plugin version 4.1.2 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.
The vulnerability allows an unauthenticated attacker to execute XSS scripts in the MapPress Maps plugin for WordPress versions up to and including 2.97.3.
The vulnerability in the Abandoned Cart Pro plugin for WooCommerce version 10.4.0 and below allows subscribers to escalate privileges. An attacker can exploit this flaw to gain unauthorized access to administrative functions.
The Fusion Builder plugin for WordPress versions 3.15.4 and earlier contains a privilege escalation vulnerability exploitable by contributors. An attacker with contributor role can gain unauthorized access to administrative functions.
The Stylish Cost Calculator plugin in versions 8.3.9 and earlier contains a broken access control vulnerability that allows an unauthenticated attacker to bypass authorization. This vulnerability can lead to unauthorized access to cost calculator functions.
The Syncee Premium Dropshipping & Wholesale plugin in version 1.0.27 and below contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected functions or data.
The Newsletters plugin versions up to 4.13 contain an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.
The Trinity Backup plugin for WordPress in versions 2.0.9 and below allows unauthenticated users to access sensitive data. This vulnerability enables information disclosure without requiring authentication.
The Intranet & Private Site – All-In-One Intranet plugin version 1.8.1 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected intranet resources.
The Five Star Restaurant Menu plugin version 2.5.2 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.
Vulnerability in Object Cache 4 everyone versions up to 2.3.2 allows an unauthenticated attacker to access sensitive data. Lack of required authentication leads to exposure of confidential information.
The Enable CORS plugin versions up to 2.0.3 contain an unauthenticated backdoor that can be exploited by an unauthorized attacker.
The vulnerability in the Gutenverse Companion plugin version 2.5.0 and earlier allows unauthenticated attackers to bypass access controls. This flaw results from improper permission verification, enabling unauthorized operations without required authentication.
The GeoDirectory plugin in versions up to 2.8.162 contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows unauthorized database queries to be executed.
SQL Injection vulnerability in Real Estate 7 plugin versions up to 3.5.9 allows unauthenticated attackers to inject malicious SQL code. This can lead to unauthorized database access and data leakage.

