CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
PHP Object Injection vulnerability in EventPrime plugin versions up to 4.3.4.1 allows subscribers to inject malicious PHP objects. This can lead to remote code execution or other unauthorized actions on the server.
The TablePress plugin for WordPress versions 3.3.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The PPOM for WooCommerce plugin contains an Improper Access Control vulnerability, allowing exploitation of incorrectly configured access control security levels. This issue affects versions from n/a through 33.0.18.
Post Snippets versions up to 4.0.19 contain a remote code execution (RCE) vulnerability, allowing attackers to execute unauthorized code on the server.
There is a Cross Site Scripting (XSS) vulnerability in Advanced Order Export For WooCommerce versions <= 4.0.9 that can be exploited by attackers to inject malicious code.
The UPI QR Code Payment Gateway for WooCommerce plugin version 1.6.2 and earlier contains a broken access control vulnerability. This allows unauthorized users to manipulate the payment process.
The Master Slider plugin versions up to 3.11.2 contain an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without authentication.
The License Manager for WooCommerce plugin version 3.0.15 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data without requiring authentication.
Versions of H5P up to 1.17.6 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.
The WP Activity Log plugin versions up to 5.6.3.1 contain a Cross Site Scripting (XSS) vulnerability that can be exploited by subscribers.
The Premmerce Wishlist plugin for WooCommerce versions up to 1.1.11 contains a vulnerability to unauthenticated SQL injection.
The vulnerability in APIExperts Square for WooCommerce allows the insertion of sensitive information into sent data, enabling retrieval of that data later.
The vulnerability allows an unauthenticated attacker to include arbitrary local files on the server in MDTF plugin versions up to and including 1.3.8.
The CheckView Automated Testing plugin version 2.1.0 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to testing features without authentication.
There is an unauthenticated SQL injection vulnerability in MDTF versions <= 1.3.7.
Missing Authorization in Royal Plugins Royal MCP allows exploiting incorrectly configured access control security levels. This issue affects Royal MCP from n/a through 1.4.25.
Versions of Vitepos up to 3.4.2 have a vulnerability that allows unauthorized access to sensitive data.
Versions of WC Vendors Marketplace up to 2.6.8 are vulnerable to SQL Injection attacks by subscribers.
SQL Injection vulnerability in YMC Filter allows an attacker to inject malicious SQL code. The flaw affects versions up to and including 3.11.5.
The Five Star Restaurant Reservations plugin version 2.7.19 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to reservation functions without required authentication.

