CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-56044
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Blog2Social version 8.9.2 and earlier. The attack can be carried out without authentication, increasing the risk of exploitation.

CVE-2026-56043
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Customer Reviews for WooCommerce version 5.110.1 and earlier.

CVE-2026-56041
High

The Responsive Lightbox plugin version 2.7.6 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code without requiring authentication.

CVE-2026-56040
High

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the Gutenverse Form plugin up to version 2.4.7.

CVE-2026-56039
High

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Quick Interest Slider versions up to and including 3.1.6.

CVE-2026-56038
High

Privilege escalation vulnerability in Frisbii Pay plugin for WordPress versions up to 1.8.2 allows contributors to gain unauthorized administrative access.

CVE-2026-56035
High

BitFire Security plugin version 5.0.3 and earlier contains multiple unauthenticated vulnerabilities. An attacker can remotely exploit these flaws without requiring authentication.

CVE-2026-56031
High

The vulnerability allows an unauthenticated attacker to perform PHP Object Injection in Uncanny Automator versions up to and including 7.3.1.2. This can lead to remote code execution or other dangerous operations on the server.

CVE-2026-56029
High

The CorvusPay WooCommerce Payment Gateway plugin version 2.7.4 and earlier contains a broken authentication vulnerability that can be exploited without authentication. An attacker can exploit this flaw without having an account in the system.

CVE-2026-56025
High

The Paymob for WooCommerce plugin version 4.1.2 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.

CVE-2026-56011
High

The vulnerability allows an unauthenticated attacker to execute XSS scripts in the MapPress Maps plugin for WordPress versions up to and including 2.97.3.

CVE-2026-56010
High

The vulnerability in the Abandoned Cart Pro plugin for WooCommerce version 10.4.0 and below allows subscribers to escalate privileges. An attacker can exploit this flaw to gain unauthorized access to administrative functions.

CVE-2026-56008
High

The Fusion Builder plugin for WordPress versions 3.15.4 and earlier contains a privilege escalation vulnerability exploitable by contributors. An attacker with contributor role can gain unauthorized access to administrative functions.

CVE-2026-54847
High

The Stylish Cost Calculator plugin in versions 8.3.9 and earlier contains a broken access control vulnerability that allows an unauthenticated attacker to bypass authorization. This vulnerability can lead to unauthorized access to cost calculator functions.

CVE-2026-54846
High

The Syncee Premium Dropshipping & Wholesale plugin in version 1.0.27 and below contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected functions or data.

CVE-2026-54840
High

The Newsletters plugin versions up to 4.13 contain an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.

CVE-2026-54839
High

The Trinity Backup plugin for WordPress in versions 2.0.9 and below allows unauthenticated users to access sensitive data. This vulnerability enables information disclosure without requiring authentication.

CVE-2026-54837
High

The Intranet & Private Site – All-In-One Intranet plugin version 1.8.1 and earlier contains an unauthenticated broken access control vulnerability. An attacker without authentication can gain unauthorized access to protected intranet resources.

CVE-2026-54835
High

The Five Star Restaurant Menu plugin version 2.5.2 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to administrative functions without requiring authentication.

CVE-2026-54834
High

Vulnerability in Object Cache 4 everyone versions up to 2.3.2 allows an unauthenticated attacker to access sensitive data. Lack of required authentication leads to exposure of confidential information.

PreviousPage 46 of 3340Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS