CVE-2026-39497
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from n/a through
Tagged: Cybersecurity Alert
CVE-2026-39500
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through
CVE-2026-39484
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00. More information : https://patchstack.com/database/Wordpress/Plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-7-0-00-open-redirection-vulnerability?_s_id=cve
CVE-2026-39485
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through
CVE-2026-39486
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download Monitor: from n/a through
CVE-2026-39487
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through
CVE-2026-39488
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through
CVE-2026-39495
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through
CVE-2026-39496
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through
CVE-2026-39473
Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through
CVE-2026-39475
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through
CVE-2026-39476
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through
CVE-2026-39477
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through
CVE-2026-39479
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through