CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The Optimole plugin version 4.2.7 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows a remote attacker to inject malicious script without requiring authentication.
The wpDataTables plugin version 6.5.1.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Perfmatters plugin version 2.6.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Google Maps CP plugin version 1.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. This allows a remote attacker to inject malicious script without requiring authentication.
The Advanced Contact form 7 DB plugin version 2.0.9 and earlier contains a broken access control vulnerability exploitable by subscribers. A user with the subscriber role can gain unauthorized access to functions intended for administrators.
The Admin and Site Enhancements (ASE) Pro plugin version 8.8.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Blocksy Companion Pro plugin version 2.1.46 and earlier contains a critical vulnerability allowing unauthenticated remote code execution (RCE). The vulnerability stems from missing authentication in one of the API endpoints.
The W3 Total Cache plugin versions up to 2.9.4 contain a critical vulnerability allowing unauthenticated remote arbitrary code execution. The flaw stems from insufficient input validation in the caching mechanism.
The Booktics plugin version 1.0.21 and earlier contains an unauthenticated PHP Object Injection vulnerability. An attacker can remotely inject a malicious PHP object without authentication.
The Modula - PRO plugin version 2.10.8 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The WPAdverts plugin version 2.3.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The ChatBot plugin version 8.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Survey Maker plugin for WordPress versions 5.2.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows a remote attacker to inject malicious script without requiring authentication.
The eCommerce Product Catalog plugin version 3.5.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The ReviewX plugin for WordPress versions 2.3.10 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The Customize My Account for WooCommerce plugin version 4.3.9 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject a malicious script that executes in the victim's browser.
The Search Atlas SEO plugin version 2.6.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
The MC Woocommerce Wishlist plugin version 1.9.19 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The Classified Listing plugin for WordPress versions 5.4.2 and earlier contains a broken access control vulnerability exploitable by subscribers. This allows users with the subscriber role to perform unauthorized actions.
The JetReviews plugin version 3.0.0.1 and earlier contains a Cross Site Scripting (XSS) vulnerability exploitable by subscribers. It allows injection of malicious scripts into the page by a user with the subscriber role.

