
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Showing 41-60 of 1046 records
CVE-2026-7458 - User Verification Plugin

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a "true" OTP value.

PLUGIN: User Verification | CVE-2026-7458 | CRITICAL | CVSS 9.8 | 2026-05-02 | Threat entry updated 2026-05-05

CVE-2026-4882 - User Registration Advanced Fields Plugin

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in all versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability can only be exploited if a "Profile Picture" field is added to the form.

PLUGIN: User Registration Advanced Fields | CVE-2026-4882 | CRITICAL | CVSS 9.8 | 2026-05-02 | Threat entry updated 2026-05-05

CVE-2026-7567 - Temporary Login Plugin

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user() function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before processing it. When the parameter is supplied as an array, PHP's empty() check is bypassed and sanitize_key() returns an empty string, which is then passed as the meta_value to get_users(). WordPress ignores an empty meta_value and returns all users matching the meta_key '_temporary_login_token', allowing authentication without a…

PLUGIN: Temporary Login | CVE-2026-7567 | CRITICAL | CVSS 9.8 | 2026-05-01 | Threat entry updated 2026-05-01

CVE-2026-22336 - Directorist Booking Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection. This issue affects Directorist Booking: from n/a before 3.0.2.

PLUGIN: Directorist Booking | CVE-2026-22336 | CRITICAL | CVSS 9.3 | 2026-04-27 | Threat entry updated 2026-04-27

CVE-2026-39440 - FunnelFormsPro Plugin

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion. This issue affects FunnelFormsPro: from n/a through 3.8.1.

PLUGIN: FunnelFormsPro | CVE-2026-39440 | CRITICAL | CVSS 9.9 | 2026-04-23 | Threat entry updated 2026-04-23

CVE-2026-3844 - Breeze Cache Plugin

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

PLUGIN: Breeze Cache | CVE-2026-3844 | CRITICAL | CVSS 9.8 | 2026-04-23 | Threat entry updated 2026-04-23

CVE-2026-6235 - Sendmachine for WordPress Plugin

The Sendmachine for WordPress plugin is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the plugin's SMTP configuration, which can be leveraged to intercept all outbound emails from the site (including password reset emails).

PLUGIN: Sendmachine for WordPress | CVE-2026-6235 | CRITICAL | CVSS 9.8 | 2026-04-22 | Threat entry updated 2026-04-22

CVE-2026-4119 - Create DB Tables Plugin

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action hooks for creating tables (admin_post_add_table) and deleting tables (admin_post_delete_db_table) without implementing any capability checks via current_user_can() or nonce verification via wp_verify_nonce()/check_admin_referer(). The admin_post hook only requires the user to be logged in, meaning any authenticated user including Subscribers can access these endpoints. The cdbt_delete_db_table() function takes a user-supplied table name from $_POST['db_table'] and executes a DROP TABLE SQL query, allowing any authenticated attacker to delete…

PLUGIN: Create DB Tables | CVE-2026-4119 | CRITICAL | CVSS 9.1 | 2026-04-22 | Threat entry updated 2026-04-22

CVE-2026-6443 - Accordion And Accordion Slider Plugin

The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugins they acquired. This makes it possible for the threat actor to maintain a persistent backdoor and inject spam into the affected sites.

PLUGIN: Accordion And Accordion Slider | CVE-2026-6443 | CRITICAL | CVSS 9.8 | 2026-04-17 | Threat entry updated 2026-04-22

CVE-2026-3596 - Riaxe Product Customizer Plugin

The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This function reads 'option' and 'opt_value' from $_POST, then calls delete_option() followed by add_option() using these attacker-controlled values without any nonce verification, capability checks, or option name allowlist. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, which can be leveraged for privilege escalation by enabling user registration and setting the default user…

PLUGIN: Riaxe Product Customizer | CVE-2026-3596 | CRITICAL | CVSS 9.8 | 2026-04-16 | Threat entry updated 2026-04-22

CVE-2026-4880 - Barcode Scanner Lite POS To Manage Products Inventory And Orders Plugin

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Base64-encoded user ID in the token parameter to identify users, leaking valid authentication tokens through the 'barcodeScannerConfigs' action, and lacking meta-key restrictions on the 'setUserMeta' action. This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator by first spoofing the…

PLUGIN: Barcode Scanner Lite POS To Manage Products Inventory And Orders | CVE-2026-4880 | CRITICAL | CVSS 9.8 | 2026-04-16 | Threat entry updated 2026-04-22

CVE-2026-3461 - Visa Acceptance Solutions Plugin

The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to the `express_pay_product_page_pay_for_order()` function logging users in based solely on a user-supplied billing email address during guest checkout for subscription products, without verifying email ownership, requiring a password, or validating a one-time token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by providing the target user's email address in the billing_details parameter, resulting in complete account takeover and site…

PLUGIN: Visa Acceptance Solutions | CVE-2026-3461 | CRITICAL | CVSS 9.8 | 2026-04-15 | Threat entry updated 2026-04-22

CVE-2026-1555 - WebStack Theme

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

THEME: WebStack | CVE-2026-1555 | CRITICAL | CVSS 9.8 | 2026-04-15 | Threat entry updated 2026-04-22

CVE-2026-4365 - LearnPress Plugin

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visitors, and uses that nonce as the only security gate for the `lp-load-ajax` AJAX dispatcher. The `delete_question_answer` action has no capability or ownership check. This makes it possible for unauthenticated attackers to delete any quiz answer option by sending a crafted POST request with a publicly available nonce.

PLUGIN: LearnPress | CVE-2026-4365 | CRITICAL | CVSS 9.1 | 2026-04-14 | Threat entry updated 2026-04-22

CVE-2026-34424 - WordPress Core

Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via HTTP headers, establish authenticated backdoors accepting arbitrary PHP code or OS commands, create hidden administrator accounts, exfiltrate credentials and access keys, and maintain persistence through multiple injection points including must-use plugins and core file modifications.

CORE: WordPress Core | CVE-2026-34424 | CRITICAL | CVSS 9.3 | 2026-04-09 | Threat entry updated 2026-04-15

CVE-2026-1830 - Quick Playground Plugin

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code execution on the server.

PLUGIN: Quick Playground | CVE-2026-1830 | CRITICAL | CVSS 9.8 | 2026-04-09 | Threat entry updated 2026-04-24

CVE-2026-2942 - ProSolution WP Client Plugin

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN: ProSolution WP Client | CVE-2026-2942 | CRITICAL | CVSS 9.8 | 2026-04-08 | Threat entry updated 2026-04-24

CVE-2026-39640 - Theme Editor

Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through

THEME: Theme Editor | CVE-2026-39640 | CRITICAL | CVSS 9.6 | 2026-04-08 | Threat entry updated 2026-04-24

CVE-2026-39620 - Appointment Plugin

Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server. This issue affects Appointment: from n/a through

PLUGIN: Appointment | CVE-2026-39620 | CRITICAL | CVSS 9.6 | 2026-04-08 | Threat entry updated 2026-04-24