🚨 CVE-2026-54823
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
🎖@cveNotify
Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.
🎖@cveNotify
Patchstack
Remote Code Execution (RCE) in WordPress Widget Options Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54829
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection.
This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.
🎖@cveNotify
Patchstack
SQL Injection in WordPress WP Photo Album Plus Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54830
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Five Star Restaurant Reservations Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54836
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.
This issue affects YMC Filter: from n/a through 3.11.5.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection.
This issue affects YMC Filter: from n/a through 3.11.5.
🎖@cveNotify
Patchstack
SQL Injection in WordPress Filter & Grids Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54842
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25.
🎖@cveNotify
Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Royal MCP: from n/a through 1.4.25.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Royal MCP Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54844
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress CheckView Automated Testing Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54848
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
🎖@cveNotify
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data.
This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress APIExperts Square for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54849
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
🎖@cveNotify
Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
🎖@cveNotify
Patchstack
SQL Injection in WordPress Premmerce Wishlist for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56005
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
🎖@cveNotify
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WP Activity Log Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56013
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
🎖@cveNotify
Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress License Manager for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56014
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Master Slider Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56023
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.
🎖@cveNotify
Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress UPI QR Code Payment Gateway for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56042
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
🎖@cveNotify
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Advanced Order Export For WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56050
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
🎖@cveNotify
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects PPOM for WooCommerce: from n/a through 33.0.18.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress PPOM for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.