Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Severity filter counts: Total 3,625 | Critical 0 | High 3,625 | Medium 0

Showing 221-240 of 3625 records
CVE-2026-5465 - Ameliabooking Plugin
HIGH | CVSS 8.8 | 2026-04-07 | Threat entry updated 2026-04-27

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate changes to the `externalId` field when a Provider (Employee) user updates their own profile. The `externalId` maps directly to a WordPress user ID and is passed to `wp_set_password()` and `wp_update_user()` without authorization checks. This makes it possible for authenticated attackers, with Provider-level (Employee) access and above, to take over any WordPress account — including…
CVE-2026-34885 - Media Library Assistant Plugin
HIGH | CVSS 8.5 | 2026-04-06 | Threat entry updated 2026-04-24

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows SQL Injection. This issue affects Media Library Assistant: from n/a through 3.34.
CVE-2026-3666 - Wpforo Forum Plugin
HIGH | CVSS 8.8 | 2026-04-04 | Threat entry updated 2026-04-24

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and above, to delete arbitrary files on the server by embedding a crafted path traversal string in a forum post body and then deleting the post.
CVE-2026-2936 - Visitor Traffic Real Time Statistics Plugin
HIGH | CVSS 7.2 | 2026-04-04 | Threat entry updated 2026-04-24

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an admin user accesses the Traffic by Title section.
CVE-2026-1233 - Text to Speech for WP (AI Voices by Mementor) Plugin
HIGH | CVSS 7.5 | 2026-04-04 | Threat entry updated 2026-04-24

The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing hardcoded MySQL database credentials for the vendor's external telemetry server in the `Mementor_TTS_Remote_Telemetry` class. This makes it possible for unauthenticated attackers to extract and decode these credentials, gaining unauthorized write access to the vendor's telemetry database.
CVE-2026-5425 - Widgets For Social Photo Feed Plugin
HIGH | CVSS 7.2 | 2026-04-04 | Threat entry updated 2026-04-24

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-3445 - Profilepress Plugin
HIGH | CVSS 7.1 | 2026-04-04 | Threat entry updated 2026-04-24

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on the `change_plan_sub_id` parameter in the `process_checkout()` function. This makes it possible for authenticated attackers, with subscriber level access and above, to reference another user's active subscription during checkout to manipulate proration calculations, allowing them to obtain paid lifetime membership plans without payment via the `ppress_process_checkout` AJAX…
CVE-2026-4896 - Wc Frontend Manager Plugin
HIGH | CVSS 8.1 | 2026-04-04 | Threat entry updated 2026-04-24

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including `wcfm_modify_order_status`, `delete_wcfm_article`, `delete_wcfm_product`, and the article management controller due to missing validation on user-supplied object IDs. This makes it possible for authenticated attackers, with Vendor-level access and above, to modify the status of any order, and to delete or modify any post/product/page, regardless of ownership.
CVE-2026-4350 - Perfmatters Plugin
HIGH | CVSS 8.1 | 2026-04-03 | Threat entry updated 2026-04-24

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This is due to the `PMCS::action_handler()` method processing the `$_GET['delete']` parameter without any sanitization, authorization check, or nonce verification. The unsanitized filename is concatenated with the storage directory path and passed to `unlink()`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server by using `../` path traversal sequences, including `wp-config.php` which would force WordPress into the installation wizard…
CVE-2026-5032 - W3 Total Cache Plugin
HIGH | CVSS 7.5 | 2026-04-02 | Threat entry updated 2026-04-27

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw mfunc/mclude dynamic fragment HTML comments — including the W3TC_DYNAMIC_SECURITY security token — to be rendered in the page source. This makes it possible for unauthenticated attackers to discover the value of the W3TC_DYNAMIC_SECURITY constant by sending a crafted User-Agent header to any page that…
CVE-2026-0686 - Webmention Plugin
HIGH | CVSS 7.2 | 2026-04-02 | Threat entry updated 2026-04-27

The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.6.2 in the 'MF2::parse_authorpage' function via the 'Receiver::post' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, which can be used to query and modify information from internal services.
CVE-2026-4347 - Mw Wp Form Plugin
HIGH | CVSS 8.1 | 2026-04-02 | Threat entry updated 2026-04-27

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). The vulnerability is only exploitable if a file upload field is added to the form and the "Saving inquiry data in database" option is…
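The wpForo (CVE-2026-3666), Perfmatters (CVE-2026-4350) and MW WP Form (CVE-2026-4347) entries above share one root cause: a user-supplied file name is joined to a storage directory and handed to unlink() or a move without checking that the result still lies inside that directory. The block below is an added example in Python, not code from any of these plugins or from this database. `unsafe_join` mirrors the vulnerable concatenation so the escape is visible; `resolve_inside` is the containment check that canonicalises both sides (collapsing `../`, following symlinks, discarding absolute inputs) before comparing, and `safe_delete` / `safe_move` build on it. The function names and the temporary directory layout are assumptions for the demonstration.

```python
"""Path-containment check for user-supplied file names (added example)."""
import os
from pathlib import Path
from typing import Optional


def unsafe_join(base_dir: str, user_supplied: str) -> str:
    """Mirror of the vulnerable pattern: concatenate and let the OS collapse '../'.

    A value such as '../wp-config.php' resolves to a file outside base_dir.
    """
    return os.path.normpath(base_dir + "/" + user_supplied)


def resolve_inside(base_dir: str, user_supplied: str) -> Optional[Path]:
    """Return the resolved target if it stays inside base_dir, else None.

    NUL bytes are rejected first (PHP filesystem calls stop at NUL, so a
    check on the full string can disagree with what unlink() sees). Both
    sides are canonicalised with resolve(), so '../', absolute inputs and
    symlinks pointing out of base_dir all fail the relative_to() test.
    """
    if "\x00" in user_supplied:
        return None
    base = Path(base_dir).resolve()
    candidate = (base / user_supplied).resolve()  # an absolute input replaces base here
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    if candidate == base:
        return None  # the directory itself is never a valid file target
    return candidate


def safe_delete(base_dir: str, user_supplied: str) -> bool:
    """Delete user_supplied only if it is a regular file inside base_dir."""
    target = resolve_inside(base_dir, user_supplied)
    if target is None or not target.is_file():
        return False
    target.unlink()
    return True


def safe_move(base_dir: str, src_name: str, dst_name: str) -> bool:
    """Move a file between two names that must both stay inside base_dir."""
    src = resolve_inside(base_dir, src_name)
    dst = resolve_inside(base_dir, dst_name)
    if src is None or dst is None or not src.is_file() or dst.exists():
        return False
    src.rename(dst)
    return True


if __name__ == "__main__":
    import tempfile

    # Constructed layout: <tmp>/storage is the plugin's directory, <tmp>/wp-config.php sits above it.
    root = tempfile.mkdtemp()
    storage = os.path.join(root, "storage")
    os.makedirs(storage)
    Path(storage, "cache.tmp").write_text("x")
    Path(root, "wp-config.php").write_text("<?php // constructed stand-in")
    print("vulnerable join resolves to:", unsafe_join(storage, "../wp-config.php"))
    print("safe_delete('../wp-config.php'):", safe_delete(storage, "../wp-config.php"))
    print("safe_delete('cache.tmp'):", safe_delete(storage, "cache.tmp"))
```

The same `resolve_inside` check covers the wpForo case, where the traversal string arrives inside a post body rather than a query parameter: what matters is that every name reaching unlink(), rename() or move is resolved and contained first, whatever route it took in.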
CVE-2026-4267 - Query Monitor Plugin
HIGH | CVSS 7.2 | 2026-03-31 | Threat entry updated 2026-04-24

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['REQUEST_URI']` parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2026-4020 - Gravity Smtp Plugin
HIGH | CVSS 7.5 | 2026-03-31 | Threat entry updated 2026-04-24

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any unauthenticated visitor to access it. When the ?page=gravitysmtp-settings query parameter is appended, the plugin's register_connector_data() method populates internal connector data, causing the endpoint to return approximately 365 KB of JSON containing the full System Report. This makes it possible for unauthenticated attackers to retrieve detailed system configuration data including PHP…
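The Gravity SMTP entry above (CVE-2026-4020) comes down to a REST route whose permission_callback always returns true. A quick way to find that pattern across an install is a static pass over plugin source. The block below is an added example, not Gravity SMTP's code and not this database's tooling: it scans PHP text for register_rest_route() calls and reports routes whose permission callback is the string `__return_true`, a closure or arrow function that just returns true, or missing altogether (WordPress registers a route without a permission_callback as public and only emits a _doing_it_wrong notice). The embedded PHP is a constructed sample; the first route reuses the namespace and path from the endpoint quoted in the advisory, while the other routes, callback names and helper names are assumptions.

```python
"""Static audit of register_rest_route() calls for public permission callbacks (added example)."""
import re
from typing import Dict, List

# Constructed PHP sample, not the plugin's real code. Only the first route's
# namespace/path are taken from the endpoint named in the advisory.
SAMPLE_PHP = r"""<?php
add_action('rest_api_init', function () {
    register_rest_route('gravitysmtp/v1', '/tests/mock-data', array(
        'methods'             => 'GET',
        'callback'            => 'sample_mock_data',
        'permission_callback' => '__return_true',
    ));
    register_rest_route('example/v1', '/export', [
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'sample_export',
        'permission_callback' => function () { return true; },
    ]);
    register_rest_route('example/v1', '/settings', [
        'methods'             => 'POST',
        'callback'            => 'sample_save',
        'permission_callback' => function () { return current_user_can('manage_options'); },
    ]);
    register_rest_route('example/v1', '/legacy', [
        'methods'  => 'GET',
        'callback' => 'sample_legacy',
    ]);
});
"""

_CALL = re.compile(r"register_rest_route\s*\(")
_HEAD = re.compile(r"""\s*['"]([^'"]+)['"]\s*,\s*['"]([^'"]+)['"]""")
_PERM = re.compile(r"""['"]permission_callback['"]\s*=>\s*""")
_ALWAYS_TRUE = re.compile(
    r"""^(?:['"]__return_true['"]"""
    r"""|function\s*\([^)]*\)\s*(?:use\s*\([^)]*\)\s*)?\{\s*return\s+true\s*;\s*\}"""
    r"""|fn\s*\([^)]*\)\s*=>\s*true)"""
)


def _balanced(src: str, start: int) -> str:
    """Text between the '(' at src[start] and its matching ')'.

    Parentheses inside PHP string literals are not special-cased; this is an
    audit pass whose output a human reviews, not a parser.
    """
    depth = 0
    for i in range(start, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    return src[start + 1:]


def audit_rest_routes(php: str) -> List[Dict[str, str]]:
    """One finding per register_rest_route() call: endpoint, callback text, verdict."""
    findings = []
    for m in _CALL.finditer(php):
        args = _balanced(php, m.end() - 1)
        head = _HEAD.match(args)
        if not head:
            continue  # namespace/route built dynamically; flag for manual review elsewhere
        namespace, route = head.group(1), head.group(2)
        perm = _PERM.search(args)
        if perm is None:
            value = ""
            verdict = "public (no permission_callback; WordPress registers the route as open)"
        else:
            value = args[perm.end():perm.end() + 160].strip()
            if _ALWAYS_TRUE.match(value):
                verdict = "public (permission_callback always returns true)"
            else:
                verdict = "custom (review the callback manually)"
        findings.append({
            "endpoint": f"/wp-json/{namespace}{route}",
            "permission": value.split("\n")[0].rstrip(",").strip(),
            "verdict": verdict,
        })
    return findings


def public_endpoints(php: str) -> List[str]:
    """Endpoints the audit considers reachable without authentication."""
    return [f["endpoint"] for f in audit_rest_routes(php) if f["verdict"].startswith("public")]
```

A "public" verdict is not automatically a bug: some routes are meant to be anonymous. The point of the pass is to produce the short list of routes whose handlers must then be read for what they return, which is exactly how a 365 KB System Report behind `__return_true` gets noticed.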
CVE-2026-5130 - Debugger Troubleshooter Plugin
HIGH | CVSS 8.8 | 2026-03-30 | Threat entry updated 2026-04-24

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1.3.2. This was due to the plugin accepting the wp_debug_troubleshoot_simulate_user cookie value directly as a user ID without any cryptographic validation or authorization checks. The cookie value was used to override the determine_current_user filter, which allowed unauthenticated attackers to impersonate any user by simply setting the cookie to their target user ID. This made it possible for unauthenticated attackers to gain administrator-level access and perform any privileged actions including creating new…
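Two entries above are detectable from request metadata alone: the W3 Total Cache bypass (CVE-2026-5032) is keyed on a User-Agent header containing "W3 Total Cache", and the Debugger & Troubleshooter impersonation (CVE-2026-5130) on a wp_debug_troubleshoot_simulate_user cookie. The block below is an added example, not code from either plugin or from this database: it runs those two rules, plus a generic path-traversal rule for query strings of the kind the Perfmatters `delete` parameter (CVE-2026-4350) takes, over a constructed JSON-per-line request log. The log format is an assumption (one object per request with the headers the rules need; stock access logs do not record Cookie, so a reverse-proxy or WAF log is assumed), and exempting loopback sources from the W3 Total Cache rule is an assumption about the plugin's own self-requests, not something the advisory states.

```python
"""Request-log detection for the W3 Total Cache UA bypass, the Debugger & Troubleshooter
impersonation cookie, and query-string path traversal (added example)."""
import json
from ipaddress import ip_address
from typing import Dict, List
from urllib.parse import unquote, urlsplit

# Constructed log lines (JSON per line). IPs are documentation ranges.
SAMPLE_LOG = """
{"ts":"2026-04-28T09:00:01Z","src":"203.0.113.10","method":"GET","uri":"/","headers":{"user-agent":"Mozilla/5.0","cookie":""}}
{"ts":"2026-04-28T09:00:02Z","src":"203.0.113.10","method":"GET","uri":"/blog/","headers":{"user-agent":"W3 Total Cache","cookie":""}}
{"ts":"2026-04-28T09:00:03Z","src":"127.0.0.1","method":"GET","uri":"/","headers":{"user-agent":"W3 Total Cache/2.9 (internal)","cookie":""}}
{"ts":"2026-04-28T09:00:04Z","src":"198.51.100.7","method":"POST","uri":"/wp-admin/admin-ajax.php","headers":{"user-agent":"curl/8.5","cookie":"wp_debug_troubleshoot_simulate_user=1"}}
{"ts":"2026-04-28T09:00:05Z","src":"198.51.100.7","method":"GET","uri":"/wp-admin/admin.php?page=perfmatters&delete=..%2F..%2F..%2Fwp-config.php","headers":{"user-agent":"curl/8.5","cookie":"wordpress_logged_in_x=abc"}}
"""

TRAVERSAL_MARKERS = ("../", "..\\")


def _cookies(header: str) -> Dict[str, str]:
    """Split a Cookie header into a name -> value map."""
    out: Dict[str, str] = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            out[name] = value
    return out


def scan_request(rec: dict) -> List[Dict[str, str]]:
    """Apply all rules to one parsed request record; return zero or more alerts."""
    alerts: List[Dict[str, str]] = []
    headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
    ua = headers.get("user-agent", "")
    cookies = _cookies(headers.get("cookie", ""))
    src = rec.get("src", "")
    try:
        local = ip_address(src).is_loopback
    except ValueError:
        local = False

    # CVE-2026-5032: the pipeline bypass is keyed on this UA substring. The loopback
    # exemption is an assumption about the plugin's own self-requests (see lead-in).
    if "w3 total cache" in ua.lower() and not local:
        alerts.append({"rule": "w3tc-ua-bypass", "ref": "CVE-2026-5032", "src": src,
                       "detail": f"User-Agent {ua!r} from a non-local source"})

    # CVE-2026-5130: the cookie was taken as a user ID, so any occurrence is suspect.
    if "wp_debug_troubleshoot_simulate_user" in cookies:
        uid = cookies["wp_debug_troubleshoot_simulate_user"]
        alerts.append({"rule": "debugger-simulate-user-cookie", "ref": "CVE-2026-5130", "src": src,
                       "detail": f"impersonation cookie for user ID {uid}"})

    # Path traversal in the query string. Decode twice so that both %2e%2e%2f and the
    # double-encoded %252e%252e%252f form surface as '../' before matching.
    query = unquote(unquote(urlsplit(rec.get("uri", "")).query))
    if any(marker in query for marker in TRAVERSAL_MARKERS):
        alerts.append({"rule": "query-path-traversal", "ref": "CVE-2026-4350 (pattern)", "src": src,
                       "detail": f"traversal sequence in query: {query}"})
    return alerts


def scan_log(text: str) -> List[Dict[str, str]]:
    """Parse a JSON-per-line log and collect alerts; malformed lines are skipped, not fatal."""
    alerts: List[Dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        alerts.extend(scan_request(rec))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["rule"], alert["src"], alert["detail"])
```

The cookie rule is intentionally unconditional: after patching, the cookie name should never appear in traffic at all, so a hit is worth a look whether or not the plugin is still installed. The double decode in the traversal rule is the part most often missed when this logic is ported into a WAF rule.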
CVE-2026-3124 - Download Monitor Plugin
HIGH | CVSS 7.5 | 2026-03-30 | Threat entry updated 2026-04-24

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.7 via the executePayment() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to complete arbitrary pending orders by exploiting a mismatch between the PayPal transaction token and the local order, allowing theft of paid digital goods by paying a minimal amount for a low-cost item and using that payment token to finalize a high-value order.
CVE-2026-4987 - SureForms Plugin
HIGH | CVSS 7.5 | 2026-03-28 | Threat entry updated 2026-04-24

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the create_payment_intent() function performing its payment validation solely on the value of a user-controlled parameter. This makes it possible for unauthenticated attackers to bypass the configured form payment-amount validation and create underpriced payment/subscription intents by setting form_id to 0.
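Every entry on this page bounds the affected range as "all versions up to, and including, X" (or "from n/a through X"), so the practical check is a correct numeric comparison of the installed version against that bound: 2.5.9.1 must sort below 2.5.10, 3.34 must equal 3.34.0, and a pre-release suffix must sort below the bare release. The block below is an added example, not this database's tooling or any plugin's code: it reads the Plugin Name and Version headers from a plugin's main file and compares against a table built from the bounds in the entries above. The header names in that table and the sample header are assumptions about what each plugin's `Plugin Name:` line says; in real use match on the plugin slug (directory name) instead.

```python
"""Compare an installed plugin version with the 'up to and including' bounds
listed on this page (added example)."""
import re
from typing import Dict, Optional, Tuple

# (CVE, last affected version) keyed by the plugin's header name. The bounds come
# from the entries above; the header names are assumptions, so match on slug in production.
AFFECTED: Dict[str, Tuple[str, str]] = {
    "Perfmatters": ("CVE-2026-4350", "2.5.9.1"),
    "W3 Total Cache": ("CVE-2026-5032", "2.9.3"),
    "Query Monitor": ("CVE-2026-4267", "3.20.3"),
    "Media Library Assistant": ("CVE-2026-34885", "3.34"),
    "wpForo Forum": ("CVE-2026-3666", "2.4.16"),
    "Download Monitor": ("CVE-2026-3124", "5.1.7"),
}

_NUMERIC = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*)$")


def version_key(version: str) -> Tuple[Tuple[int, ...], int]:
    """Sortable key: numeric parts padded to four places, then a release flag.

    Any suffix after the numeric part (-beta, -rc1) sorts below the bare
    release, so '2.5.10-rc1' < '2.5.10' and '2.5.9.1' < '2.5.10'. PHP's
    version_compare() orders suffixes in more detail; this is enough for the
    'up to and including X' bounds used on this page.
    """
    m = _NUMERIC.match(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = nums + (0,) * (4 - len(nums))
    release_flag = 0 if m.group(2).strip() else 1
    return nums, release_flag


def is_affected(installed: str, last_affected: str) -> bool:
    """True when installed <= last_affected under version_key ordering."""
    return version_key(installed) <= version_key(last_affected)


_HEADER_FIELD = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.M)


def parse_plugin_header(php: str) -> Dict[str, str]:
    """Read 'Plugin Name:' and 'Version:' from a plugin's main-file comment block."""
    return {k: v for k, v in _HEADER_FIELD.findall(php)}


def check_plugin(php: str) -> Optional[Dict[str, str]]:
    """Return a finding dict if the header names a listed plugin at an affected version."""
    hdr = parse_plugin_header(php)
    name, version = hdr.get("Plugin Name"), hdr.get("Version")
    if not name or not version or name not in AFFECTED:
        return None
    cve, bound = AFFECTED[name]
    if not is_affected(version, bound):
        return None
    return {"plugin": name, "installed": version, "last_affected": bound, "cve": cve}


# Constructed header, not taken from the real plugin file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Perfmatters
 * Plugin URI: https://example.invalid/
 * Description: constructed sample header
 * Version: 2.5.9.1
 */
"""

if __name__ == "__main__":
    print(check_plugin(SAMPLE_HEADER))
```

String comparison is the usual mistake here: "2.5.9.1" > "2.5.10" as text, which would report a patched install as clean for the Perfmatters bound and the reverse for others. Walk wp-content/plugins/*/ and feed each main file to check_plugin() to cover an install.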