0.0
CVE-2026-39505 - WordPress Seriously Simple Podcasting plugin <= 3.14.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.2.
0.0
CVE-2026-39504 - WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.
0.0
CVE-2026-39501 - WordPress FOX plugin <= 1.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <= 1.4.5.
0.0
CVE-2026-39500 - WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= 2.3.2.
0.0
CVE-2026-39497 - WordPress FOX plugin <= 1.4.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through <= 1.4.5.
0.0
CVE-2026-39496 - WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through <= 4.3.3.
0.0
CVE-2026-39495 - WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27.
0.0
CVE-2026-39488 - WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.
0.0
CVE-2026-39487 - WordPress Amelia plugin <= 2.1.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.1.1.
0.0
CVE-2026-39486 - WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through <= 5.1.8.