π¨ CVE-2026-14449
u5CMS through v12.8.8 is vulnerable to reflected XSS via the βthanksβ parameter in multiple form components
π@cveNotify
u5CMS through v12.8.8 is vulnerable to reflected XSS via the βthanksβ parameter in multiple form components
π@cveNotify
GitHub
Release u5cms-12.8.9 Β· u5cms/u5cms
What's Changed
This release fixes CVE-2026-14449.
Thanks xss fix by @stemind in #177
Full Changelog: v12.8.8...v12.8.9
This release fixes CVE-2026-14449.
Thanks xss fix by @stemind in #177
Full Changelog: v12.8.8...v12.8.9
π¨ CVE-2026-27060
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
π@cveNotify
Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.
π@cveNotify
Patchstack
PHP Object Injection in WordPress ARMember Premium Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27408
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress NativeChurch Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27412
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
π@cveNotify
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
π@cveNotify
Patchstack
Local File Inclusion in WordPress Pearl - Corporate Business Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27425
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Automotive Listings Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27426
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Automotive Car Dealership Business Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27430
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress TheFox Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27433
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
π@cveNotify
Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress Motors Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-27436
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
π@cveNotify
Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions.
π@cveNotify
Patchstack
Arbitrary Code Execution in WordPress Five Star Business Profile and Schema Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-39448
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
π@cveNotify
Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions.
π@cveNotify
Patchstack
Broken Access Control in WordPress NOWPayments for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-49779
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
π@cveNotify
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
π@cveNotify
Patchstack
Path Traversal in WordPress Tax Exempt for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-56037
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection.
This issue affects Themify Popup: from n/a through 1.4.3.
π@cveNotify
Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection.
This issue affects Themify Popup: from n/a through 1.4.3.
π@cveNotify
Patchstack
PHP Object Injection in WordPress Themify Popup Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57342
Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.
π@cveNotify
Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive Images <= 3.11.3 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress ShortPixel Adaptive Images Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57343
Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Real Estate 7 Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57344
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.4.2 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Classified Listing Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57345
Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.
π@cveNotify
Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Internal Links Manager Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2026-57347
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
π@cveNotify
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Hotel Booking Lite Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.