Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Severity filter: Total 3,023 · Critical 0 · High 3,023 · Medium 0

Showing 201-220 of 3,023 records
Threat Entry Updated 2026-04-15

CVE-2026-1426 - Advanced Ajax Product Filters Plugin

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is…

PLUGIN Advanced Ajax Product Filters

CVE-2026-1426

HIGH CVSS 8.8 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-2495 - Editorial And Project Management Plugin

The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Editorial And Project Management

CVE-2026-2495

HIGH CVSS 7.5 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-2296 - Product Addons for Woocommerce – Product Options with Custom Fields Plugin

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions() function, which passes unsanitized user input directly to PHP's eval() function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject and execute arbitrary PHP code on the server via the conditional logic 'operator' parameter when saving addon form field…

PLUGIN Product Addons for Woocommerce – Product Options with Custom Fields

CVE-2026-2296

HIGH CVSS 7.2 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-2019 - Cart All In One For Woocommerce Plugin

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute arbitrary PHP code on the server.

PLUGIN Cart All In One For Woocommerce

CVE-2026-2019

HIGH CVSS 7.2 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-1368 - Video Conferencing With Zoom Plugin

The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and retrieve the site's Zoom SDK key.

PLUGIN Video Conferencing With Zoom

CVE-2026-1368

HIGH CVSS 7.5 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-2576 - Business Directory Plugin

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Business Directory

CVE-2026-2576

HIGH CVSS 7.5 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-1931 - Rent Fetch Plugin

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Rent Fetch

CVE-2026-1931

HIGH CVSS 7.2 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-1714 - All In One Solution Plugin

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation on the 'send_to', 'product_title', 'wlmessage', and 'wlemail' parameters in the 'woolentor_suggest_price_action' AJAX endpoint. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient with full control over the subject line, message content, and sender address (via CRLF injection in the 'wlemail' parameter), effectively turning the…

PLUGIN All In One Solution

CVE-2026-1714

HIGH CVSS 8.6 2026-02-18
Threat Entry Updated 2026-04-15

CVE-2026-1216 - RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging Plugin

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging

CVE-2026-1216

HIGH CVSS 7.2 2026-02-17
Threat Entry Updated 2026-04-15

CVE-2026-2592 - Zarinpal Gateway For Woocommerce Plugin

The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'Return_from_ZarinPal_Gateway' failing to validate that the authority token provided in the callback URL belongs to the specific order being marked as paid. This makes it possible for unauthenticated attackers to potentially mark orders as paid without proper payment by reusing a valid authority token from a different transaction of the same amount.

PLUGIN Zarinpal Gateway For Woocommerce

CVE-2026-2592

HIGH CVSS 7.7 2026-02-17
Threat Entry Updated 2026-02-18

CVE-2025-12062 - Filters Plugin

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .html files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .html file types can be uploaded and included.

PLUGIN Filters

CVE-2025-12062

HIGH CVSS 8.8 2026-02-17
Threat Entry Updated 2026-04-15

CVE-2026-2001 - WowRevenue – Product Bundles & Bulk Discounts Plugin

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install_activate_plugin' function in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected site's server which may make remote code execution possible.

PLUGIN WowRevenue – Product Bundles & Bulk Discounts

CVE-2026-2001

HIGH CVSS 8.8 2026-02-16
Threat Entry Updated 2026-04-15

CVE-2026-1750 - Ecwid By Lightspeed Ecommerce Shopping Cart Plugin

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to supply the 'ec_store_admin_access' parameter during a profile update and gain store manager access to the site.

PLUGIN Ecwid By Lightspeed Ecommerce Shopping Cart

CVE-2026-1750

HIGH CVSS 8.8 2026-02-15
Threat Entry Updated 2026-04-15

CVE-2026-1843 - Super Page Cache Plugin

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Super Page Cache

CVE-2026-1843

HIGH CVSS 7.2 2026-02-14
Threat Entry Updated 2026-04-15

CVE-2026-2024 - Photostack Gallery Plugin

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN Photostack Gallery

CVE-2026-2024

HIGH CVSS 7.5 2026-02-14
Threat Entry Updated 2026-04-15

CVE-2026-1988 - Flexi Product Slider And Grid For Woocommerce Plugin

The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel` shortcode. This is due to the `theme` parameter being directly concatenated into a file path without proper sanitization or validation, allowing directory traversal. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server via the `theme` parameter, provided they can create posts with shortcodes.

PLUGIN Flexi Product Slider And Grid For Woocommerce

CVE-2026-1988

HIGH CVSS 7.5 2026-02-14
Threat Entry Updated 2026-04-15

CVE-2026-0753 - Super Simple Contact Form Plugin

The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscf_name' parameter in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Super Simple Contact Form

CVE-2026-0753

HIGH CVSS 7.2 2026-02-14
Threat Entry Updated 2026-04-15

CVE-2026-0745 - User Language Switch Plugin

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation in the 'download_language()' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.

PLUGIN User Language Switch

CVE-2026-0745

HIGH CVSS 7.2 2026-02-14
Threat Entry Updated 2026-04-15

CVE-2026-2144 - Magic Login Mail Plugin

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename (QR_Code.png) in the publicly accessible WordPress uploads directory during the email sending process. The file is only deleted after wp_mail() completes, creating an exploitable race condition window. This makes it possible for unauthenticated attackers to trigger a login link request for any user, including administrators, and then exploit the…

PLUGIN Magic Login Mail

CVE-2026-2144

HIGH CVSS 8.1 2026-02-14
Threat Entry Updated 2026-04-15

CVE-2026-0692 - Bluesnap Payment Gateway For Woocommerce Plugin

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.4.0. This is due to the plugin relying on WooCommerce's `WC_Geolocation::get_ip_address()` function to validate IPN requests, which trusts user-controllable headers like X-Real-IP and X-Forwarded-For to determine the client IP address. This makes it possible for unauthenticated attackers to bypass IP allowlist restrictions by spoofing a whitelisted BlueSnap IP address and send forged IPN (Instant Payment Notification) data to manipulate order statuses (mark orders as paid, failed, refunded, or on-hold)…

PLUGIN Bluesnap Payment Gateway For Woocommerce

CVE-2026-0692

HIGH CVSS 7.5 2026-02-14