CVE-2026-57750 - WordPress ez Form Calculator Premium plugin <= 2.14.1.2 - Broken Access Control vulnerability
CVE ID: CVE-2026-57750
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57751 - WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID: CVE-2026-57751
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57752 - WordPress iNET Webkit plugin 1.2.4 - SQL Injection vulnerability
CVE ID: CVE-2026-57752
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Contributor SQL Injection in iNET Webkit 1.2.4 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57753 - WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability
CVE ID: CVE-2026-57753
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57754 - WordPress Livemesh Addons for WPBakery Page Builder plugin <= 3.9.4 - Cross Site Scripting (XSS) vulnerability
CVE ID: CVE-2026-57754
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57755 - WordPress Mosaic Gallery – Advanced Gallery plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
CVE ID: CVE-2026-57755
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57756 - WordPress nicen-localize-image plugin <= 1.4.9 - SQL Injection vulnerability
CVE ID: CVE-2026-57756
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57757 - WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID: CVE-2026-57757
Published: July 2, 2026, 11:15 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57758 - WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability
CVE ID: CVE-2026-57758
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57759 - WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability
CVE ID: CVE-2026-57759
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57761 - WordPress SEOWP theme <= 3.12.2 - CSRF to Stored XSS vulnerability
CVE ID: CVE-2026-57761
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57762 - WordPress Simple URLs plugin <= 151 - Cross Site Scripting (XSS) vulnerability
CVE ID: CVE-2026-57762
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57763 - WordPress Structured Content plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
CVE ID: CVE-2026-57763
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57764 - WordPress Surbma | Yoast SEO Breadcrumb Shortcode plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE ID: CVE-2026-57764
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57765 - WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability
CVE ID: CVE-2026-57765
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57766 - WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID: CVE-2026-57766
Published: July 2, 2026, 11:16 a.m. | 2 hours, 24 minutes ago
Description: Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-56037 - WordPress Themify Popup plugin <= 1.4.3 - PHP Object Injection vulnerability
CVE ID: CVE-2026-56037
Published: July 2, 2026, 11:30 a.m. | 2 hours, 9 minutes ago
Description: Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection. This issue affects Themify Popup: from n/a through 1.4.3.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57678 - WordPress Slider Revolution plugin 7.0.0-7.0.16 - Cross Site Scripting (XSS) vulnerability
CVE ID: CVE-2026-57678
Published: July 2, 2026, 11:32 a.m. | 2 hours, 8 minutes ago
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-57760 - WordPress Sendcloud Shipping plugin <= 1.0.29 - Broken Access Control vulnerability
CVE ID: CVE-2026-57760
Published: July 2, 2026, 11:33 a.m. | 2 hours, 7 minutes ago
Description: Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sendcloud Shipping: from n/a through 1.0.29.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14449 - POST-based reflected XSS via the thanks parameter in form components
CVE ID: CVE-2026-14449
Published: July 2, 2026, 11:47 a.m. | 1 hour, 52 minutes ago
Description: u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-58652 - luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter
CVE ID: CVE-2026-58652
Published: July 2, 2026, 12:28 p.m. | 1 hour, 11 minutes ago
Description: luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to /etc/travelmate/*.login, this is only a frontend restriction. The backend travelmate service (running as root) reads the raw UCI 'script' and 'script_args' values and executes the configured path when the captive-portal auto-login branch (f_check() in travelmate-functions.sh) is reached. An attacker with delegated write permissions can set script to /bin/sh and script_args to attacker-controlled arguments, resulting in arbitrary command execution as root. Confirmed in luci-app-travelmate/travelmate 2.4.5-r3; the sink is still present in travelmate 2.4.6-1 and no patched version is known.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...