HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2026-54198

Jun 16, 2026 09:00:38 UTC

Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.

CVE-2026-54197

Jun 16, 2026 09:00:37 UTC

Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.

CVE-2026-54191

Jun 16, 2026 09:00:37 UTC

Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.

CVE-2026-54190

Jun 16, 2026 09:00:36 UTC

Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.

CVE-2026-52715

Jun 16, 2026 09:00:35 UTC

Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.

CVE-2026-52714

Jun 16, 2026 09:00:34 UTC

Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions.

CVE-2026-52712

Jun 16, 2026 09:00:33 UTC

Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.

CVE-2026-52711

Jun 16, 2026 09:00:33 UTC

Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 versions.

CVE-2026-39581

Jun 16, 2026 09:00:32 UTC

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.

CVE-2026-39574

Jun 16, 2026 09:00:31 UTC

Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.

CVE-2026-39490

Jun 16, 2026 09:00:30 UTC

Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versions.

CVE-2026-39437

Jun 16, 2026 09:00:29 UTC

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions.

CVE-2025-68045

Jun 16, 2026 09:00:29 UTC

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.

CVE-2026-10825

Jun 16, 2026 08:51:57 UTC

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption an...

CVE-2026-5416

Jun 16, 2026 08:18:02 UTC

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise.

Page: 2