CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-13223
Medium

The payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-13222
Medium

The payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-57619
Medium

The Elementor Website Builder plugin version 4.1.3 and earlier contains a contributor sensitive data exposure vulnerability. This flaw may allow an attacker to access confidential information stored by the plugin.

CVE-2026-57429
Medium

The Slim SEO plugin versions up to 4.6.2 contain a vulnerability involving broken access control for contributors. A user with the contributor role can gain unauthorized access to SEO management functions.

CVE-2026-56122
High

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences. Attackers can traverse outside the webroot directory, potentially exposing sensitive data.

CVE-2026-56071
High

Versions of Forminator up to 1.53.1 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-56054
High

In JS Help Desk versions <= 3.1.1, there is a vulnerability that allows subscribers to delete arbitrary files.

CVE-2026-56053
High

PHP Object Injection vulnerability in EventPrime plugin versions up to 4.3.4.1 allows subscribers to inject malicious PHP objects. This can lead to remote code execution or other unauthorized actions on the server.

CVE-2026-56051
High

The TablePress plugin for WordPress versions 3.3.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-56050
Medium

The PPOM for WooCommerce plugin contains an Improper Access Control vulnerability, allowing exploitation of incorrectly configured access control security levels. This issue affects versions from n/a through 33.0.18.

CVE-2026-56049
High

Post Snippets versions up to 4.0.19 contain a remote code execution (RCE) vulnerability, allowing attackers to execute unauthorized code on the server.

CVE-2026-56042
High

There is a Cross Site Scripting (XSS) vulnerability in Advanced Order Export For WooCommerce versions <= 4.0.9 that can be exploited by attackers to inject malicious code.

CVE-2026-56023
Medium

The UPI QR Code Payment Gateway for WooCommerce plugin version 1.6.2 and earlier contains a broken access control vulnerability. This allows unauthorized users to manipulate the payment process.

CVE-2026-56014
High

The Master Slider plugin versions up to 3.11.2 contain an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without authentication.

CVE-2026-56013
Medium

The License Manager for WooCommerce plugin version 3.0.15 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data without requiring authentication.

CVE-2026-56006
High

Versions of H5P up to 1.17.6 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-56005
High

The WP Activity Log plugin versions up to 5.6.3.1 contain a Cross Site Scripting (XSS) vulnerability that can be exploited by subscribers.

CVE-2026-54849
Critical

The Premmerce Wishlist plugin for WooCommerce versions up to 1.1.11 contains a vulnerability to unauthenticated SQL injection.

CVE-2026-54848
High

The vulnerability in APIExperts Square for WooCommerce allows the insertion of sensitive information into sent data, enabling retrieval of that data later.

CVE-2026-54845
High

The vulnerability allows an unauthenticated attacker to include arbitrary local files on the server in MDTF plugin versions up to and including 1.3.8.

PreviousPage 236 of 4630Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS