CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-49764
Critical

Versions of RegistrationMagic up to 6.0.8.6 have a vulnerability in unauthenticated authentication, which may allow attackers to take over user accounts.

CVE-2026-49763
Critical

The Integration for Contact Form 7 HubSpot versions up to 1.3.7 contain a vulnerability to unauthenticated PHP object injection.

CVE-2026-49109
Critical

Versions up to 1.4.3 of the Integration for Salesforce, Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms plugins are vulnerable to unauthenticated PHP object injection.

CVE-2026-49106
Critical

In versions of Integration for Contact Form 7 and Constant Contact up to 1.1.6, there is a vulnerability to unauthenticated PHP object injection.

CVE-2026-49105
Critical

The WP Zendesk plugin for contact forms such as Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms in versions up to 1.1.4 is vulnerable to unauthenticated PHP object injection.

CVE-2026-49104
Critical

Versions up to 1.2.1 of the Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugins are vulnerable to unauthenticated PHP object injection.

CVE-2026-49085
Critical

There is an unauthenticated PHP Object Injection vulnerability in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms versions <= 1.1.4.

CVE-2026-49067
Critical

Versions of Advanced 301 and 302 Redirect up to 1.6.9 are vulnerable to unauthenticated SQL injection.

CVE-2026-48886
Critical

JS Help Desk versions up to 3.0.9 are vulnerable to unauthenticated SQL injection, potentially allowing attackers to access database data.

CVE-2026-48881
Critical

Versions of TrueBooker <= 1.1.9 have an unauthenticated broken access control vulnerability that may allow attackers to access resources they should not have access to.

CVE-2026-48836
Critical

There is an unauthenticated remote code execution (RCE) vulnerability in Easy Invoice versions <= 2.1.19.

CVE-2026-45439
Critical

The Realtyna Organic IDX plugin versions up to 5.1.0 contains a vulnerability to unauthenticated SQL injection.

CVE-2026-42665
Critical

There is an unauthenticated SQL Injection vulnerability in WP Data Access versions <= 5.5.70.

CVE-2026-42639
Critical

The GD Rating System versions up to 3.6.2 are vulnerable to unauthenticated SQL injection.

CVE-2026-42386
Critical

WooCommerce versions up to 4.5.1 contain a vulnerability for unauthenticated SQL injection in the order delivery date field.

CVE-2026-42381
Critical

There is an unauthenticated SQL injection vulnerability in Funnel Builder by FunnelKit versions up to 3.15.0.1.

CVE-2026-40798
Critical

There is an unauthenticated SQL injection vulnerability in wpForo Forum versions up to 3.0.4.

CVE-2026-40772
Critical

GeekyBot versions up to 1.2.2 have a vulnerability allowing unauthenticated arbitrary file uploads.

CVE-2026-40771
Critical

There is an unauthenticated SQL Injection vulnerability in Contest Gallery versions up to 28.1.6.

CVE-2026-39591
Critical

In WP-BusinessDirectory versions <= 4.0.0, there is a vulnerability that allows subscribers to upload arbitrary files.

PreviousPage 38 of 556Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS