CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-56013
Medium

The License Manager for WooCommerce plugin version 3.0.15 and earlier contains an unauthenticated Insecure Direct Object References (IDOR) vulnerability. This allows an attacker to access sensitive data without requiring authentication.

CVE-2026-56006
High

Versions of H5P up to 1.17.6 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious JavaScript code.

CVE-2026-56005
High

The WP Activity Log plugin versions up to 5.6.3.1 contain a Cross Site Scripting (XSS) vulnerability that can be exploited by subscribers.

CVE-2026-54849
Critical

The Premmerce Wishlist plugin for WooCommerce versions up to 1.1.11 contains a vulnerability to unauthenticated SQL injection.

CVE-2026-54848
High

The vulnerability in APIExperts Square for WooCommerce allows the insertion of sensitive information into sent data, enabling retrieval of that data later.

CVE-2026-54845
High

The vulnerability allows an unauthenticated attacker to include arbitrary local files on the server in MDTF plugin versions up to and including 1.3.8.

CVE-2026-54844
High

The CheckView Automated Testing plugin version 2.1.0 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to testing features without authentication.

CVE-2026-54843
Critical

There is an unauthenticated SQL injection vulnerability in MDTF versions <= 1.3.7.

CVE-2026-54842
High

Missing Authorization in Royal Plugins Royal MCP allows exploiting incorrectly configured access control security levels. This issue affects Royal MCP from n/a through 1.4.25.

CVE-2026-54841
High

Versions of Vitepos up to 3.4.2 have a vulnerability that allows unauthorized access to sensitive data.

CVE-2026-54838
High

Versions of WC Vendors Marketplace up to 2.6.8 are vulnerable to SQL Injection attacks by subscribers.

CVE-2026-54836
Critical

SQL Injection vulnerability in YMC Filter allows an attacker to inject malicious SQL code. The flaw affects versions up to and including 3.11.5.

CVE-2026-54830
High

The Five Star Restaurant Reservations plugin version 2.7.19 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to reservation functions without required authentication.

CVE-2026-54829
High

CVE-2026-54829 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in the WP Photo Album Plus plugin.

CVE-2026-54828
High

Motors versions up to 1.4.109 have a vulnerability in access control that allows unauthorized access.

CVE-2026-54823
Critical

There is a remote code execution (RCE) vulnerability in Widget Options versions <= 4.2.3 that can be exploited by an attacker.

CVE-2026-54822
High

Subscriber SQL Injection vulnerability in SALESmanago and Leadoo versions up to 3.11.2 allows unauthorized access to the database through malicious SQL query injection.

CVE-2026-54821
High

The vulnerability in the Visual Link Preview plugin versions up to 2.3.1 allows sensitive subscriber data exposure. An attacker can access information that should be protected.

CVE-2026-52690
Medium

The vulnerability allows spoofing replies to a Recursor, which may mark an IP address of an authoritative server as not supporting EDNS. As a result, validation of DNSSEC records served by that server may fail.

CVE-2026-4526
Medium

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network.

PreviousPage 175 of 4550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS