Common Vulnerabilities and Exposures (CVE)

CVE-2026-57738

Jul 13, 2026 13:53:01 UTC

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through <= 1.13.0.

CVE-2026-57385

Jul 13, 2026 13:52:49 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsbd Vitepos vitepos-lite allows Blind SQL Injection.This issue affects Vitepos: from n/a through <= 3.4.2.

CVE-2026-57363

Jul 13, 2026 13:52:47 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot chatbot allows Stored XSS.This issue affects ChatBot: from n/a through <= 8.3.7.

CVE-2026-57727

Jul 13, 2026 13:52:36 UTC

Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13.

CVE-2026-57372

Jul 13, 2026 13:52:19 UTC

Server-Side Request Forgery (SSRF) vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through <= 7.0.

CVE-2026-57782

Jul 13, 2026 13:52:10 UTC

Missing Authorization vulnerability in PressTigers Universal Clocks universal-clocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Clocks: from n/a through <= 1.2.0.

CVE-2026-15373

Jul 13, 2026 13:51:54 UTC

A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is...

CVE-2026-57709

Jul 13, 2026 13:51:42 UTC

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a th...

CVE-2026-57391

Jul 13, 2026 13:51:40 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through <= 4.2.3.

CVE-2026-57698

Jul 13, 2026 13:51:17 UTC

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce:...

CVE-2026-57668

Jul 13, 2026 13:50:56 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.2.2.

CVE-2026-57419

Jul 13, 2026 13:50:37 UTC

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce:...

CVE-2026-57715

Jul 13, 2026 13:50:14 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja Fluent CRM fluent-crm allows Reflected XSS.This issue affects Fluent CRM: from n/a through <= 3.1.7.

CVE-2026-57413

Jul 13, 2026 13:49:41 UTC

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4.

CVE-2026-57394

Jul 13, 2026 13:49:18 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.14.