0.0
CVE-2026-39616 - WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerabiβ¦
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0.
5.9
CVE-2026-39615 - WordPress Download Manager plugin <= 3.3.53 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.
0.0
CVE-2026-39614 - WordPress JW Player for WordPress plugin <= 2.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.
7.5
CVE-2026-39613 - WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through <= 2.3.3.
0.0
CVE-2026-39612 - WordPress KuteShop theme <= 4.2.9 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
7.5
CVE-2026-39611 - WordPress KuteShop theme <= 4.2.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through <= 4.2.9.
0.0
CVE-2026-39610 - WordPress WpXmas-Snow plugin <= 1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.
5.3
CVE-2026-39609 - WordPress Wava Payment plugin <= 0.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.3.7.
0.0
CVE-2026-39608 - WordPress iPOSpays Gateways WC plugin <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways WC: from n/a through <= 1.3.7.
5.4
CVE-2026-39607 - WordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17.