CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-57686
High

The WowAddons plugin version 1.6.14 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-57682
High

The Simple Link Directory plugin version 15.0.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57678
High

The Slider Revolution plugin versions 7.0.0 through 7.0.16 contain a reflected Cross-site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. An attacker can inject a malicious script into an HTTP request that will be executed in the victim's browser.

CVE-2026-57675
High

The WP Photo Album Plus plugin version 9.2.02.004 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57674
High

The Timetics plugin version 1.0.58 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57673
High

The Optimole plugin version 4.2.7 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows a remote attacker to inject malicious script without requiring authentication.

CVE-2026-57672
High

The wpDataTables plugin version 6.5.1.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57671
High

The Perfmatters plugin version 2.6.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57670
High

The Google Maps CP plugin version 1.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. This allows a remote attacker to inject malicious script without requiring authentication.

CVE-2026-57426
High

The Modula - PRO plugin version 2.10.8 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57366
High

The WPAdverts plugin version 2.3.1 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-57362
High

The ChatBot plugin version 8.3.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57361
High

The Survey Maker plugin for WordPress versions 5.2.2.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. It allows a remote attacker to inject malicious script without requiring authentication.

CVE-2026-57360
High

The eCommerce Product Catalog plugin version 3.5.4 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-57359
High

The ReviewX plugin for WordPress versions 2.3.10 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57358
High

The Customize My Account for WooCommerce plugin version 4.3.9 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject a malicious script that executes in the victim's browser.

CVE-2026-57357
High

The Search Atlas SEO plugin version 2.6.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

CVE-2026-57356
High

The MC Woocommerce Wishlist plugin version 1.9.19 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-57351
High

The HandL UTM Grabber plugin version 2.9.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript without requiring authentication.

CVE-2026-57350
High

The WP Debugging plugin version 2.12.2 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

PreviousPage 10 of 3301Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS