CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-56030
Critical

A vulnerability in the Paytium plugin versions up to 5.0.2 allows an unauthenticated attacker to escalate privileges. This means a person without a valid account can gain higher privileges in the system.

CVE-2026-56029
High

The CorvusPay WooCommerce Payment Gateway plugin version 2.7.4 and earlier contains a broken authentication vulnerability that can be exploited without authentication. An attacker can exploit this flaw without having an account in the system.

CVE-2026-56028
Critical

The Easy Elements for Elementor plugin versions 1.4.9 and earlier contain a vulnerability allowing unauthenticated privilege escalation. This flaw stems from insufficient permission checks within the plugin's functionality.

CVE-2026-56027
Critical

The Booster for WooCommerce plugin version 8.0.1 and earlier allows unauthorized arbitrary file upload by customers. This vulnerability can be exploited to upload malicious software to the server.

CVE-2026-56026
Medium

A Server Side Request Forgery (SSRF) vulnerability exists in the utm.codes plugin versions up to 1.9.0. It allows a Subscriber to send HTTP requests from the server to internal or external resources.

CVE-2026-56025
High

The Paymob for WooCommerce plugin version 4.1.2 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.

CVE-2026-56011
High

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the MapPress Maps plugin for WordPress versions up to and including 2.97.3.

CVE-2026-56010
High

The vulnerability in the Abandoned Cart Pro plugin for WooCommerce version 10.4.0 and below allows subscribers to escalate privileges. An attacker can exploit this flaw to gain unauthorized access to administrative functions.

CVE-2026-56008
High

The Fusion Builder plugin for WordPress versions 3.15.4 and earlier contains a privilege escalation vulnerability exploitable by contributors. An attacker with contributor role can gain unauthorized access to administrative functions.

CVE-2026-54847
High

The Stylish Cost Calculator plugin in versions 8.3.9 and earlier contains a broken access control vulnerability that allows an unauthenticated attacker to bypass authorization. This vulnerability can lead to unauthorized access to cost calculator functions.

CVE-2026-54846
High

The Syncee Premium Dropshipping & Wholesale plugin in version 1.0.27 and below contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected functions or data.

CVE-2026-54840
High

The Newsletters plugin versions up to 4.13 contain an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.

CVE-2026-54839
High

The Trinity Backup plugin for WordPress in versions 2.0.9 and below allows unauthenticated users to access sensitive data. This vulnerability enables information disclosure without requiring authentication.

CVE-2026-54837
High

The Intranet & Private Site – All-In-One Intranet plugin version 1.8.1 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected intranet resources.

CVE-2026-54835
High

The Five Star Restaurant Menu plugin version 2.5.2 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.

CVE-2026-54834
High

Vulnerability in Object Cache 4 everyone versions up to 2.3.2 allows an unauthenticated attacker to access sensitive data. Lack of required authentication leads to exposure of confidential information.

CVE-2026-54833
High

The Enable CORS plugin versions up to 2.0.3 contain an unauthenticated backdoor that can be exploited by an unauthorized attacker.

CVE-2026-54832
High

The vulnerability in the Gutenverse Companion plugin version 2.5.0 and earlier allows unauthenticated attackers to bypass access controls. This flaw results from improper permission verification, enabling unauthorized operations without required authentication.

CVE-2026-54831
Critical

The GeoDirectory plugin in versions up to 2.8.162 contains an SQL injection vulnerability that can be exploited by an unauthenticated attacker. The flaw allows unauthorized database queries to be executed.

CVE-2026-54827
Critical

SQL Injection vulnerability in Real Estate 7 plugin versions up to 3.5.9 allows unauthenticated attackers to inject malicious SQL code. This can lead to unauthorized database access and data leakage.

PreviousPage 167 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS