CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
Versions of RegistrationMagic up to 6.0.8.6 have a vulnerability in unauthenticated authentication, which may allow attackers to take over user accounts.
The Integration for Contact Form 7 HubSpot versions up to 1.3.7 contain a vulnerability to unauthenticated PHP object injection.
Versions up to 1.4.3 of the Integration for Salesforce, Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms plugins are vulnerable to unauthenticated PHP object injection.
In versions of Integration for Contact Form 7 and Constant Contact up to 1.1.6, there is a vulnerability to unauthenticated PHP object injection.
The WP Zendesk plugin for contact forms such as Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms in versions up to 1.1.4 is vulnerable to unauthenticated PHP object injection.
Versions up to 1.2.1 of the Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugins are vulnerable to unauthenticated PHP object injection.
There is an unauthenticated PHP Object Injection vulnerability in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms versions <= 1.1.4.
Versions of Advanced 301 and 302 Redirect up to 1.6.9 are vulnerable to unauthenticated SQL injection.
JS Help Desk versions up to 3.0.9 are vulnerable to unauthenticated SQL injection, potentially allowing attackers to access database data.
Versions of TrueBooker <= 1.1.9 have an unauthenticated broken access control vulnerability that may allow attackers to access resources they should not have access to.
There is an unauthenticated remote code execution (RCE) vulnerability in Easy Invoice versions <= 2.1.19.
The Realtyna Organic IDX plugin versions up to 5.1.0 contains a vulnerability to unauthenticated SQL injection.
There is an unauthenticated SQL Injection vulnerability in WP Data Access versions <= 5.5.70.
The GD Rating System versions up to 3.6.2 are vulnerable to unauthenticated SQL injection.
WooCommerce versions up to 4.5.1 contain a vulnerability for unauthenticated SQL injection in the order delivery date field.
There is an unauthenticated SQL injection vulnerability in Funnel Builder by FunnelKit versions up to 3.15.0.1.
There is an unauthenticated SQL injection vulnerability in wpForo Forum versions up to 3.0.4.
GeekyBot versions up to 1.2.2 have a vulnerability allowing unauthenticated arbitrary file uploads.
There is an unauthenticated SQL Injection vulnerability in Contest Gallery versions up to 28.1.6.
In WP-BusinessDirectory versions <= 4.0.0, there is a vulnerability that allows subscribers to upload arbitrary files.

