PT-2026-56938 · Undefined · Undefined

Publicado

2026-07-09

·

Atualizado

2026-07-09

·

CVE-2026-57774

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
Man, this is straight-up wild! Nearly 100 plugins and themes are completely exposed right now with zero fixes in sight, and honestly, it's making my anxiety spike just thinking about it!
If the developer went ghost and abandoned ship, you've got to stop messing around and dump that software immediately.
Seriously, just deactivating that junk does absolutely nothing to save you.
CVE ID | Nome / Descrição

CVE-2026-9711 | EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter
CVE-2026-57692 | Private Content <= 9.9.2 - Unauthenticated Privilege Escalation
CVE-2026-27419 | Zegen - Church WordPress Theme <= 1.1.9 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2026-42382 | Audrey <= 1.5 - Unauthenticated Local File Inclusion
CVE-2025-58902 | Lighthouse <= 1.2.12 - Unauthenticated Local File Inclusion
CVE-2026-27412 | Pearl - Corporate Business <= 3.4.10 - Unauthenticated Local File Inclusion
CVE-2026-12240 | Export User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display name Field
CVE-2026-57788 | Aalto <= 1.8 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57789 | Aqua <= 5.1.2 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-27060 | ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 7.0 - Authenticated (Contributor+) PHP Object Injection
CVE-2026-57790 | Billey <= 2.1.8 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57791 | Brook - Agency Business Creative WordPress Theme <= 2.9.0 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57792 | Dør - Modern Architecture and Interior Design Theme <= 2.4.1 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57793 | Flow <= 1.8 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57794 | Golo Framework <= 1.7.3 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57795 | Kitchor <= 1.4.3 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57796 | Leedo <= 3.0.0 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57798 | NewsPlus Shortcodes <= 4.2.0 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57799 | Nuss - Hotel Booking WordPress <= 1.3.6 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57800 | Overworld - eSports and Gaming WordPress Theme <= 1.5 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57801 | SetSail - Travel Agency WordPress Theme <= 2.1 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57748 | Shopify <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57749 | SportsPress Pro <= 2.7.29 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57802 | Struktur - Creative Agency WordPress Theme <= 2.5.1 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57803 | Struktur Core <= 2.5.1 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57804 | TheGem Theme Elements <= 5.11.1 - Authenticated (Contributor+) Local File Inclusion
CVE-2026-57805 | Tonda <= 2.5 - Authenticated (Contributor+) Local File Inclusion
CVE-2025-69133 | Tour Master - Tour Booking, Travel, Hotel <= 5.4.5 - Authenticated (Subscriber+) Local File Inclusion
CVE-2026-27414 | Werkstatt - Creative Portfolio WordPress Theme <= 4.8.3 - Authenticated (Contributor+) PHP Object Injection
CVE-2025-69152 | Artale | Wedding Photography WordPress <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-69155 | Fitness Zone WordPress <= 5.7 - Unauthenticated Stored Cross-Site Scripting
CVE-2026-27436 | Five Star Business Profile and Schema <= 2.3.19 - Authenticated (Editor+) Arbitrary Code Execution
CVE-2026-27402 | Kids Life | Children School WordPress <= 5.2 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-69156 | Kids Zone - Children WordPress <= 5.4 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-69154 | SpaLab | Beauty Salon WordPress <= 6.7 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-69132 | Corpkit - Business Consulting WordPress Theme <= 1.0.5 - Authenticated (Subscriber+) Sensitive Information Exopsure
CVE-2026-57787 | CWS SVGicons <= 1.5.5 - Authenticated (Contributor+) SQL Injection
CVE-2026-57771 | GD Rating System <= 3.7 - Authenticated (Contributor+) SQL Injection
CVE-2026-57752 | iNET Webkit 1.2.4 - Authenticated (Contributor+) SQL Injection
CVE-2026-11367 | PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter
CVE-2026-57765 | Shopping Cart & eCommerce Store <= 5.9.1 - Authenticated (Contributor+) SQL Injection
CVE-2025-69094 | Unicamp - University and College WordPress Theme <= 2.2.2 - Authenticated (Subscriber+) SQL Injection
CVE-2026-57772 | WP Inventory Manager <= 2.4.0 - Authenticated (Contributor+) SQL Injection
CVE-2026-57780 | Envision Page Builder – A collection of WordPress Gutenberg blocks & templates <= 0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-57755 | Mosaic Gallery – Advanced Gallery <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-57737 | Shortcodes and extra features for Phlox theme <= 2.17.21 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-57762 | Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management <= 151 - Authenticated (Author+) Stored Cross-Site Scripting
CVE-2026-57783 | Speaker <= 4.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-57763 | Structured Content (JSON-LD) #wpsc <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-57764 | Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-57684 | TheFox <= 3.9.70 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-57754 | WPBakery Page Builder Addons by Livemesh <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2026-27426 | Automotive Car Dealership Business WordPress Theme <= 13.3.3 - Reflected Cross-Site Scripting
CVE-2026-27425 | Automotive Listings <= 18.6 - Reflected Cross-Site Scripting
CVE-2026-27404 | LMS <= 9.7 - Reflected Cross-Site Scripting
CVE-2026-27408 | NativeChurch <= 4.8.8.2 - Reflected Cross-Site Scripting
CVE-2025-69153 | Trendy Travel <= 6.7 - Reflected Cross-Site Scripting
CVE-2026-57778 | Booking calendar, Appointment Booking System <= 3.2.36 - Missing Authorization
CVE-2026-57750 | ez Form Calculator Premium <= 2.14.1.2 - Missing Authorization
CVE-2026-57779 | Fascinate <= 1.1.5 - Missing Authorization
CVE-2026-57753 | Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 - Unauthenticated Information Exposure
CVE-2026-57781 | MeetingHub – Webinar & Meeting Plugin for Zoom, Google Meet, Webex, Microsoft Teams, & Jitsi Meet <= 1.25.10 - Missing Authorization
CVE-2026-27433 | Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.80 - Missing Authorization
CVE-2026-39448 | NOWPayments for WooCommerce – Crypto Payment Gateway <= 1.4.0 - Missing Authorization
CVE-2025-69134 | OpenAI Chatbot for WordPress – Helper <= 1.1.4 - Missing Authorization to Unauthenticated Arbitrary Content Deletion
CVE-2026-12349 | Premium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion
CVE-2026-57760 | Sendcloud Shipping <= 1.0.31 - Missing Authorization
CVE-2026-57782 | Universal Clocks <= 1.2.0 - Missing Authorization
CVE-2026-57774 | VW Food Corner <= 1.1.0 - Missing Authorization
CVE-2026-57776 | VW Wedding <= 1.3.7 - Missing Authorization
CVE-2026-27435 | Woffice CRM <= 5.4.31 - Missing Authorization
CVE-2025-66076 | Woostify Sites Library <= 1.6.2 - Missing Authorization
CVE-2026-12560 | Editorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' Field
CVE-2026-57747 | Booked - Appointment Booking for WordPress <= 3.0.0 - Cross-Site Request Forgery
CVE-2026-57746 | Booked - Appointment Booking for WordPress <= 3.0.0 - Missing Authorization
CVE-2026-57730 | Flatsome <= 3.20.5 - Missing Authorization
CVE-2026-57731 | Flatsome <= 3.20.5 - Missing Authorization
CVE-2026-57751 | Heateor Social Login WordPress <= 1.1.39 - Cross-Site Request Forgery
CVE-2026-57736 | HubSpot All-In-One Marketing – Forms, Popups, Live Chat <= 11.3.56 - Authenticated (Contributor+) Information Exposure
CVE-2026-57685 | Martfury - WooCommerce Marketplace WordPress <= 3.2.8 - Missing Authorization
CVE-2026-57757 | pCloud WP Backup <= 2.0.4 - Cross-Site Request Forgery
CVE-2026-57758 | Permalink Manager for WooCommerce <= 1.0.8.2 - Cross-Site Request Forgery
CVE-2026-8944 | Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga id' Parameter
CVE-2026-57759 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.9.8 - Cross-Site Request Forgery
CVE-2026-49779 | Tax Exempt for WooCommerce <= 1.9.3 - Authenticated (Customer+) Path Traversal
CVE-2026-57690 | Werkstatt - Creative Portfolio WordPress Theme <= 4.7.2 - Cross-Site Request Forgery
CVE-2026-57689 | Werkstatt - Creative Portfolio WordPress Theme <= 4.7.2 - Missing Authorization
CVE-2026-57766 | WPIDE – File Manager & Code Editor <= 3.5.6 - Cross-Site Request Forgery
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

CVE-2026-57774

Produtos afetados

Undefined