π¨ CVE-2026-54188
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress JetEngine Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-54189
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress JetEngine Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-54195
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress JetFormBuilder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-54804
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
π@cveNotify
Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.
π@cveNotify
Patchstack
Broken Authentication in WordPress Melhor Envio Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-54806
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
π@cveNotify
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress WP Activity Log Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-9690
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
π@cveNotify
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
π@cveNotify
Patchstack
Arbitrary File Download in WordPress WP Media folder Addon Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-59554
Unauthenticated SQL Injection in Advanced Ads β Tracking < 3.0.7 versions.
π@cveNotify
Unauthenticated SQL Injection in Advanced Ads β Tracking < 3.0.7 versions.
π@cveNotify
Patchstack
SQL Injection in WordPress Advanced Ads β Tracking Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-60230
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
This issue affects The Barber Shop: from n/a through 1.9.
π@cveNotify
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
This issue affects The Barber Shop: from n/a through 1.9.
π@cveNotify
Patchstack
PHP Object Injection in WordPress The Barber Shop Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69115
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
π@cveNotify
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
π@cveNotify
Patchstack
Local File Inclusion in WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69130
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
π@cveNotify
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress Entrepreneur - Booking for Small Businesses WordPress Theme Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69166
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
π@cveNotify
Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.
π@cveNotify
Patchstack
Local File Inclusion in WordPress Gunslinger Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-69189
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects JobBank: from n/a through 1.2.3.
π@cveNotify
Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects JobBank: from n/a through 1.2.3.
π@cveNotify
Patchstack
Broken Access Control in WordPress JobBank Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-40757
Unauthenticated PHP Object Injection in ChΓ’teau <= 1.2.1 versions.
π@cveNotify
Unauthenticated PHP Object Injection in ChΓ’teau <= 1.2.1 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress ChΓ’teau Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-49268
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the DN structure used for LDAP bind authentication, potentially bypassing authentication or impersonating other users.
This issue affects all Apache Shiro versions through 2.2.0, and 3.0.0-alpha-1 when using DefaultLdapRealm
Upgrade to Apache Shiro 2.2.1 or 3.0.0-alpha-2 or later, which fixes the issue.
π@cveNotify
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate the DN structure used for LDAP bind authentication, potentially bypassing authentication or impersonating other users.
This issue affects all Apache Shiro versions through 2.2.0, and 3.0.0-alpha-1 when using DefaultLdapRealm
Upgrade to Apache Shiro 2.2.1 or 3.0.0-alpha-2 or later, which fixes the issue.
π@cveNotify