CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Blog2Social version 8.9.2 and earlier. The attack can be carried out without authentication, increasing the risk of exploitation.
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Customer Reviews for WooCommerce version 5.110.1 and earlier.
The Responsive Lightbox plugin version 2.7.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.
The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Gutenverse Form plugin up to version 2.4.7.
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Quick Interest Slider versions up to and including 3.1.6.
Privilege escalation vulnerability in Frisbii Pay plugin for WordPress versions up to 1.8.2 allows contributors to gain unauthorized administrative access.
BitFire Security plugin version 5.0.3 and earlier contains multiple unauthenticated vulnerabilities. An attacker can remotely exploit these flaws without requiring authentication.
The vulnerability allows an unauthenticated attacker to perform PHP Object Injection in Uncanny Automator versions up to and including 7.3.1.2. This can lead to remote code execution or other dangerous operations on the server.
The CorvusPay WooCommerce Payment Gateway plugin version 2.7.4 and earlier contains a broken authentication vulnerability that can be exploited without authentication. An attacker can exploit this flaw without having an account in the system.
The Paymob for WooCommerce plugin version 4.1.2 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.
The vulnerability allows an unauthenticated attacker to execute XSS scripts in the MapPress Maps plugin for WordPress versions up to and including 2.97.3.
The vulnerability in the Abandoned Cart Pro plugin for WooCommerce version 10.4.0 and below allows subscribers to escalate privileges. An attacker can exploit this flaw to gain unauthorized access to administrative functions.
The Fusion Builder plugin for WordPress versions 3.15.4 and earlier contains a privilege escalation vulnerability exploitable by contributors. An attacker with contributor role can gain unauthorized access to administrative functions.
The Stylish Cost Calculator plugin in versions 8.3.9 and earlier contains a broken access control vulnerability that allows an unauthenticated attacker to bypass authorization. This vulnerability can lead to unauthorized access to cost calculator functions.
The Syncee Premium Dropshipping & Wholesale plugin in version 1.0.27 and below contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected functions or data.
The Newsletters plugin versions up to 4.13 contain an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.
The Trinity Backup plugin for WordPress in versions 2.0.9 and below allows unauthenticated users to access sensitive data. This vulnerability enables information disclosure without requiring authentication.
The Intranet & Private Site – All-In-One Intranet plugin version 1.8.1 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected intranet resources.
The Five Star Restaurant Menu plugin version 2.5.2 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.
Vulnerability in Object Cache 4 everyone versions up to 2.3.2 allows an unauthenticated attacker to access sensitive data. Lack of required authentication leads to exposure of confidential information.

