9.3
CVE-2026-22484 - WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through <= 1.5.0.
7.2
CVE-2026-22480 - WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3.
7.5
CVE-2026-22448 - WordPress PitchPrint plugin <= 11.1.2 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flexcubed PitchPrint pitchprint allows Path Traversal.This issue affects PitchPrint: from n/a through <= 11.1.2.
7.5
CVE-2025-69358 - WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0.
8.5
CVE-2025-69347 - WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through <= 1.8.10.
7.1
CVE-2025-69096 - WordPress Zorka theme <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zorka: from n/a through <= 1.5.7.
5.4
CVE-2026-20108 - CrossβSite Scripting in Cisco Catalyst SDβWAN Manager Web Interface
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user β¦
4.8
CVE-2026-20112 - Stored CrossβSite Scripting in Cisco IOSβ―XE Web Interface
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. β¦
5.3
CVE-2026-20113 - Unauthenticated CRLF Injection in Cisco IOx Log Management
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validaβ¦
5.4
CVE-2026-20114 - Elevated Privilege via Unvalidated Lobby Ambassador API Parameters
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because paramβ¦