Common Vulnerabilities and Exposures (CVE)

CVE-2026-15324

Jul 16, 2026 08:26:51 UTC

The SysBasics Customize My Account for WooCommerce – Live My Account Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'row_type' parameter in all versions up to, and including, 4.4.14 due to insufficient ...

CVE-2026-15103

Jul 16, 2026 08:26:50 UTC

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the `update_...

CVE-2026-15727

Jul 16, 2026 08:26:50 UTC

The WP Bulk Delete plugin for WordPress is vulnerable to generic SQL Injection via the 'delete_user_roles' parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of suffici...

CVE-2026-15021

Jul 16, 2026 08:26:50 UTC

The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'location' Profile Field in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2026-15005

Jul 16, 2026 08:26:49 UTC

The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for u...

CVE-2026-13741

Jul 16, 2026 08:26:49 UTC

The Digits: WordPress Mobile Number Signup and Login plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 9.1.0.5. This is due to missing authorization and role validation in the `dig_update_wpwc_...

CVE-2026-57025

Jul 16, 2026 08:26:17 UTC

A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS). On EX Series, QFX Series a...

CVE-2026-58077

Jul 16, 2026 08:18:03 UTC

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances.

CVE-2026-57832

Jul 16, 2026 08:17:06 UTC

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection.

CVE-2026-57833

Jul 16, 2026 08:15:58 UTC

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature.

CVE-2026-57831

Jul 16, 2026 08:15:17 UTC

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection.

CVE-2026-58078

Jul 16, 2026 08:14:15 UTC

The Joomla extension Quix Page Builder Pro is vulnerable to an unauthenticated SQL injection.

CVE-2026-6423

Jul 16, 2026 07:56:20 UTC

A local privilege escalation vulnerability in ESET Inspect Connector.  The vulnerability was caused by improper authentication in an IPC channel.

CVE-2026-12382

Jul 16, 2026 07:56:18 UTC

A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An...

CVE-2026-13755

Jul 16, 2026 07:51:06 UTC

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and ou...