Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-05-27
CVE-2026-48972 - SeedProd Pro Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5.
PLUGIN
SeedProd Pro
CVE-2026-48972
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-48971 - Product Import Export for WooCommerce Plugin
Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6.
PLUGIN
Product Import Export for WooCommerce
CVE-2026-48971
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42757 - WebinarIgnition Plugin
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.
PLUGIN
WebinarIgnition
CVE-2026-42757
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42756 - QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly Plugin
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly: from n/a through
PLUGIN
QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly
CVE-2026-42756
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42758 - WebinarIgnition Plugin
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.
PLUGIN
WebinarIgnition
CVE-2026-42758
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42761 - Active Products Tables for WooCommerce Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through
PLUGIN
Active Products Tables for WooCommerce
CVE-2026-42761
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42760 - Backup and Staging by WP Time Capsule Plugin
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through
PLUGIN
Backup and Staging by WP Time Capsule
CVE-2026-42760
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42762 - VikBooking Hotel Booking Engine & PMS Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through
PLUGIN
VikBooking Hotel Booking Engine & PMS
CVE-2026-42762
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42759 - Affiliate Super Assistent Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through
PLUGIN
Affiliate Super Assistent
CVE-2026-42759
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42748 - WPify Woo Czech Plugin
Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through
PLUGIN
WPify Woo Czech
CVE-2026-42748
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42755 - TableOn Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through
PLUGIN
TableOn
CVE-2026-42755
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42747 - Easy Form Builder Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through
PLUGIN
Easy Form Builder
CVE-2026-42747
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42753 - WCFM Membership Plugin
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through
PLUGIN
WCFM Membership
CVE-2026-42753
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42746 - Smart Online Order for Clover Plugin
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through
PLUGIN
Smart Online Order for Clover
CVE-2026-42746
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42754 - Favicon Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through
PLUGIN
Favicon
CVE-2026-42754
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42749 - Disable Comments for Any Post Types (Remove comments Plugin
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through
PLUGIN
Disable Comments for Any Post Types (Remove comments
CVE-2026-42749
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42751 - Booking Manager Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through
PLUGIN
Booking Manager
CVE-2026-42751
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42750 - WPComplete Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nexcess WPComplete wpcomplete allows Stored XSS.This issue affects WPComplete: from n/a through
PLUGIN
WPComplete
CVE-2026-42750
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42740 - Tainacan Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows Blind SQL Injection.This issue affects Tainacan: from n/a through
PLUGIN
Tainacan
CVE-2026-42740
Risk Score
Threat Entry
Updated 2026-05-27
CVE-2026-42737 - VikBooking Hotel Booking Engine & PMS Plugin
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through
PLUGIN
VikBooking Hotel Booking Engine & PMS
CVE-2026-42737
Risk Score