๐จ CVE-2026-57747
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Booked Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57749
Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions.
๐@cveNotify
Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions.
๐@cveNotify
Patchstack
Local File Inclusion in WordPress SportsPress Pro Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57750
Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions.
๐@cveNotify
Unauthenticated Broken Access Control in ez Form Calculator Premium <= 2.14.1.2 versions.
๐@cveNotify
Patchstack
Broken Access Control in WordPress ez Form Calculator Premium Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57751
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Heateor Social Login Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57753
Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.
๐@cveNotify
Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.
๐@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Kit (formerly ConvertKit) for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57754
Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Livemesh Addons for WPBakery Page Builder <= 3.9.4 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Livemesh Addons for WPBakery Page Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57755
Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Mosaic Gallery โ Advanced Gallery Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57756
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
๐@cveNotify
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
๐@cveNotify
Patchstack
SQL Injection in WordPress nicen-localize-image Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57757
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress pCloud WP Backup Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57758
Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in Permalink Manager for WooCommerce <= 1.0.8.2 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Permalink Manager for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57759
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress ProfileGrid Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57760
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Sendcloud Shipping: from n/a through 1.0.29.
๐@cveNotify
Missing Authorization vulnerability in Sendcloud Sendcloud Shipping allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Sendcloud Shipping: from n/a through 1.0.29.
๐@cveNotify
Patchstack
Broken Access Control in WordPress Sendcloud Shipping Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57761
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
๐@cveNotify
Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.
๐@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress SEOWP Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57763
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Structured Content Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57764
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
๐@cveNotify
Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
๐@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Surbma | Yoast SEO Breadcrumb Shortcode Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2026-57920
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints.
๐@cveNotify
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints.
๐@cveNotify
๐จ CVE-2026-12411
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
๐@cveNotify
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
๐@cveNotify
GitHub
Security fixes from the 6.9 release by tomponline ยท Pull Request #18585 ยท canonical/lxd
Covers fixes for:
GHSA-qx75-2p3r-pwm5
GHSA-7mr3-28h5-m5vx
GHSA-47w9-6r3f-938g
GHSA-9j25-mm2h-2f76
GHSA-jpf8-86f3-wp38
GHSA-vghh-5rfx-xhq8
GHSA-fmc8-p6q7-75cc
GHSA-pjff-c2wc-f6jm
GHSA-hhf9-qw4v-72xp
GHSA-qx75-2p3r-pwm5
GHSA-7mr3-28h5-m5vx
GHSA-47w9-6r3f-938g
GHSA-9j25-mm2h-2f76
GHSA-jpf8-86f3-wp38
GHSA-vghh-5rfx-xhq8
GHSA-fmc8-p6q7-75cc
GHSA-pjff-c2wc-f6jm
GHSA-hhf9-qw4v-72xp