{"resultsPerPage":40,"startIndex":0,"totalResults":40,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T18:27:04.270","vulnerabilities":[{"cve":{"id":"CVE-2026-48939","sourceIdentifier":"security@joomla.org","published":"2026-06-20T13:16:42.433","lastModified":"2026-07-11T05:16:34.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"icagenda.com","product":"iCagenda extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"3.2.1-4.0.7","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T00:00:00+00:00","id":"CVE-2026-48939","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-10","cisaActionDue":"2026-07-13","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability","weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomlic:icagenda:*:*:*:*:-:joomla\\!:*:*","versionStartIncluding":"3.2.1","versionEndExcluding":"3.9.15","matchCriteriaId":"7144E5C4-1940-44C7-8EF6-CE9260FC9ECF"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomlic:icagenda:*:*:*:*:-:joomla\\!:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.8","matchCriteriaId":"D76CC345-C89F-46E7-9887-F3ADE379E733"}]}]}],"references":[{"url":"https://www.icagenda.com/","source":"security@joomla.org","tags":["Product"]},{"url":"https://github.com/Polosss/By-Poloss..-..CVE-2026-48939","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://mysites.guru/blog/icagenda-zero-day-file-upload-rce/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48939","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.icagenda.com/docs/changelog/icagenda-3-9-15","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Release Notes"]},{"url":"https://www.icagenda.com/docs/changelog/icagenda-4-0-8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2026-56291","sourceIdentifier":"security@joomla.org","published":"2026-07-09T11:16:40.990","lastModified":"2026-07-11T05:16:34.310","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"balbooa.com","product":"balbooa.com Balbooa Forms extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-2.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-56291","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-10","cisaActionDue":"2026-07-13","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability","weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:balbooa:forms:*:*:*:*:*:joomla\\!:*:*","versionEndExcluding":"2.4.1","matchCriteriaId":"A5149F96-A82C-4C48-B4A5-D8AD99418D47"}]}]}],"references":[{"url":"https://mysites.guru/blog/balbooa-forms-unauthenticated-file-upload-flaw/","source":"security@joomla.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.balbooa.com/joomla-forms","source":"security@joomla.org","tags":["Product"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56291","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-0276","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-09T20:16:24.670","lastModified":"2026-07-11T05:16:31.683","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Cortex XDR Broker VM","defaultStatus":"unaffected","versions":[{"version":"20.0.96","lessThan":"31.0.58","versionType":"custom","status":"affected","changes":[{"at":"31.0.58","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber","baseScore":1.1,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-0276","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0276","source":"psirt@paloaltonetworks.com"}]}},{"cve":{"id":"CVE-2026-0278","sourceIdentifier":"psirt@paloaltonetworks.com","published":"2026-07-09T20:16:24.983","lastModified":"2026-07-11T05:16:31.883","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user to bypass DLP policy enforcement controls.\n\n\n\nThe Prisma Access Agent on macOS is not affected."}],"affected":[{"source":"psirt@paloaltonetworks.com","affectedData":[{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["Windows"],"versions":[{"version":"24.0","lessThan":"26.2.1","versionType":"custom","status":"affected","changes":[{"at":"26.2.1","status":"unaffected"}]}]},{"vendor":"Palo Alto Networks","product":"Prisma Access Agent","defaultStatus":"unaffected","platforms":["macOS"],"versions":[{"version":"All","versionType":"custom","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:H/U:Amber","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"AUTOMATIC","valueDensity":"CONCENTRATED","vulnerabilityResponseEffort":"HIGH","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T00:00:00+00:00","id":"CVE-2026-0278","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@paloaltonetworks.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]}],"references":[{"url":"https://security.paloaltonetworks.com/CVE-2026-0278","source":"psirt@paloaltonetworks.com"}]}},{"cve":{"id":"CVE-2026-21042","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.797","lastModified":"2026-07-11T05:16:33.163","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-21042","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21043","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:34.930","lastModified":"2026-07-11T05:16:33.267","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-21043","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21046","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.290","lastModified":"2026-07-11T05:16:33.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-21046","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21049","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.533","lastModified":"2026-07-11T05:16:33.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-21049","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21052","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:35.877","lastModified":"2026-07-11T05:16:33.577","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Samsung Mobile Devices","defaultStatus":"affected","versions":[{"version":"SMR Jul-2026 Release in Android 14, 15, 16","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-21052","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-21055","sourceIdentifier":"mobile.security@samsung.com","published":"2026-07-10T05:16:36.217","lastModified":"2026-07-11T05:16:33.677","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege."}],"affected":[{"source":"mobile.security@samsung.com","affectedData":[{"vendor":"Samsung Mobile","product":"Bixby","defaultStatus":"affected","versions":[{"version":"4.0.70.8","lessThan":"*","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"mobile.security@samsung.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-21055","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=07","source":"mobile.security@samsung.com"}]}},{"cve":{"id":"CVE-2026-15028","sourceIdentifier":"secalert@redhat.com","published":"2026-07-10T10:16:23.417","lastModified":"2026-07-11T05:16:32.493","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libarchive","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T00:00:00+00:00","id":"CVE-2026-15028","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15028","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2497970","source":"secalert@redhat.com"},{"url":"https://github.com/libarchive/libarchive/issues/3251","source":"secalert@redhat.com"},{"url":"https://github.com/libarchive/libarchive/pull/3253","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-10628","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:02.733","lastModified":"2026-07-11T04:17:02.733","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to convert and drain any user's reward points into wallet balance, exfiltrate all users' emails and point balances to an attacker-controlled Klaviyo account, overwrite the site's Klaviyo public API key, block or unblock arbitrary users from the points system, and modify campaign banner and heading settings. The nonce used for authentication of these requests (wps-wpr-verify-nonce) is injected into every public-facing page via wp_localize_script(), and the wps_wpr_generate_custom_wallet handler is additionally registered on the wp_ajax_nopriv_ hook, meaning unauthenticated visitors can also obtain a valid nonce and exploit that specific action."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpswings","product":"Points and Rewards for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.10.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.10.0/admin/class-points-rewards-for-woocommerce-admin.php#L1814","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.10.0/admin/class-points-rewards-for-woocommerce-admin.php#L2568","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.10.0/admin/class-points-rewards-for-woocommerce-admin.php#L2657","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.10.0/public/class-points-rewards-for-woocommerce-public.php#L191","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.10.0/public/class-points-rewards-for-woocommerce-public.php#L3493","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.9.7/admin/class-points-rewards-for-woocommerce-admin.php#L1814","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.9.7/admin/class-points-rewards-for-woocommerce-admin.php#L2568","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.9.7/admin/class-points-rewards-for-woocommerce-admin.php#L2657","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.9.7/public/class-points-rewards-for-woocommerce-public.php#L191","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/points-and-rewards-for-woocommerce/tags/2.9.7/public/class-points-rewards-for-woocommerce-public.php#L3493","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3602815%40points-and-rewards-for-woocommerce&new=3602815%40points-and-rewards-for-woocommerce","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/582e15cb-b924-4c24-818e-dfc2900f82c3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12426","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:16.503","lastModified":"2026-07-11T04:17:16.503","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.22 via the members_filter_protected_posts_for_rest. This makes it possible for unauthenticated attackers to extract determine the existence and exact count of access-restricted posts, and use per-page pagination as a boolean oracle to infer keywords and content contained within those hidden restricted posts."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"supercleanse","product":"Members – Membership & User Role Editor Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.2.22","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/members/tags/3.2.19/inc/functions-content-permissions.php#L337","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/members/tags/3.2.19/inc/functions-private-site.php#L42","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/members/tags/3.2.22/inc/functions-content-permissions.php#L337","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/members/tags/3.2.22/inc/functions-private-site.php#L42","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3594293%40members%2Ftrunk&old=3552545%40members%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9c3557a6-aa72-496c-8515-2f6055de6b22?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13114","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:16.650","lastModified":"2026-07-11T04:17:16.650","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"stylemix","product":"Motors – Car Dealership & Classified Listings Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.112","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.108/assets/js/listing-manager/libs/tooltip.js#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.108/assets/js/listing-manager/libs/tooltip.js#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.108/includes/helpers.php#L278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.112/assets/js/listing-manager/libs/tooltip.js#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.112/assets/js/listing-manager/libs/tooltip.js#L73","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/motors-car-dealership-classified-listings/tags/1.4.112/includes/helpers.php#L278","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3594971/motors-car-dealership-classified-listings","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4e25aa6-8028-4c85-98c4-6f47a1502427?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13262","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:16.793","lastModified":"2026-07-11T04:17:16.793","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter in all versions up to, and including, 1.1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires a valid 'get-smart-reply' nonce, which any Subscriber-level user can obtain by creating a ticket via the public frontend and visiting the resulting ticket detail page, making this effectively exploitable by any authenticated user."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"ahmadmj","product":"Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/includes/ajax.php#L19","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/modules/smartreply/model.php#L183","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/modules/smartreply/model.php#L184","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.8/modules/ticket/tpls/ticketdetail.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/includes/ajax.php#L19","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/modules/smartreply/model.php#L183","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/modules/smartreply/model.php#L184","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.1.9/modules/ticket/tpls/ticketdetail.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/majestic-support/tags/1.2.0/modules/smartreply/model.php?rev=3599140#L212","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/502577dd-49e3-419d-8b37-591be69ad131?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13353","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:16.937","lastModified":"2026-07-11T04:17:16.937","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.0.1 via the 'MappedFields' parameter. This is due to missing capability checks on the AJAX handlers for install_addon, saveMappedFields, and StartImport, combined with the plugin nonce being exposed to any authenticated user who can load an admin page, allowing a Subscriber to install the Import WooCommerce add-on, persist attacker-controlled PHP expressions in the MappedFields parameter, and trigger evaluation via eval() in ImportHelpers::get_meta_values(). This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"smackcoders","product":"WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/InstallAddons.php#L66","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/SaveMapping.php#L1562","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/SaveMapping.php#L185","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-ultimate-csv-importer/tags/8.0.1/wp-ultimate-csv-importer.php#L419","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3591135/wp-ultimate-csv-importer","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e89fc348-1146-4593-8bf5-127f783ab786?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15072","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:19.953","lastModified":"2026-07-11T04:17:19.953","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires that the attacker hold at minimum a KiviCare Doctor-level account, or a Receptionist or Clinic Admin role that grants the doctor_session_list capability."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"iqonicdesign","product":"KiviCare – Clinic & Patient Management System (EHR)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/baseClasses/KCQueryBuilder.php#L1283","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/baseClasses/KCQueryBuilder.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/baseClasses/KCQueryBuilder.php#L470","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L1208","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L1282","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L87","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3602561%40kivicare-clinic-management-system&new=3602561%40kivicare-clinic-management-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2857fd0-2401-4e38-aa8a-3f0a89e14b78?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15073","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:21.943","lastModified":"2026-07-11T04:17:21.943","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Doctor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation requires a KiviCare Doctor, Receptionist, or Clinic Admin role at minimum, as the vulnerable REST endpoint is restricted to authenticated users with custom plugin-level access."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"iqonicdesign","product":"KiviCare – Clinic & Patient Management System (EHR)","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/baseClasses/KCQueryBuilder.php#L470","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L648","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/4.5.0/app/controllers/api/DoctorSessionController.php#L660","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3602561%40kivicare-clinic-management-system&new=3602561%40kivicare-clinic-management-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f5ff7bc-9443-4b34-abd3-dac800f162a1?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15338","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:22.537","lastModified":"2026-07-11T04:17:22.537","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the get_type_template function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. The wp_normalize_path function used in get_template only normalizes directory separators and does not resolve or reject path traversal sequences, while the extension check is trivially bypassed because the caller already appends the required extension to the traversal payload."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"choijun","product":"LA-Studio Element Kit for Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.6.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/lastudio-element-kit/tags/1.6.1/includes/addons/progress-bar.php#L866","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lastudio-element-kit/tags/1.6.1/includes/addons/progress-bar.php#L869","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lastudio-element-kit/tags/1.6.1/lastudio-element-kit.php#L430","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lastudio-element-kit/tags/1.6.1/templates/progress-bar/global/index.php#L20","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lastudio-element-kit/tags/1.6.1/templates/progress-bar/global/index.php#L6","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3602507%40lastudio-element-kit&new=3602507%40lastudio-element-kit","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4c3f136-fa26-4813-9e69-f94eba9e4df7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3367","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:23.670","lastModified":"2026-07-11T04:17:23.670","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The register_setting() call on line 197 lacks a sanitize callback, allowing unsanitized data to be stored via update_option(). When the settings page is rendered, the stored value is echoed directly into an HTML input's value attribute without esc_attr() on line 212. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in the settings page that will execute whenever a user accesses the plugin settings page. Multiple fields are affected: App ID (client_id), App Secret (client_secret), Bookings ID prefix (id_prefix), and API domain (api_domain). This vulnerability is particularly impactful in WordPress multisite installations where administrators of individual sites should not be able to execute JavaScript affecting other users."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"lustmored","product":"Lockme calendars integration","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.11.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L212","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L223","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L256","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/tags/2.9.3/src/Plugin.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L212","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L223","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L245","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L256","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/lockme-calendars-integration/trunk/src/Plugin.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3495564%40lockme-calendars-integration&new=3495564%40lockme-calendars-integration","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/800b1a44-4173-4b8e-bc69-9a64218e64d6?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5743","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:23.843","lastModified":"2026-07-11T04:17:23.843","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the pgc_sgb_render_callback() function. The vulnerability exists because the pgc_sgb_sanitize_custom_css() function uses a flawed regex pattern that only removes event handlers with quoted values (e.g., onfocus=\"alert()\") but fails to catch unquoted event handlers (e.g., onfocus=alert(document.cookie)), allowing the malicious code to bypass sanitization. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages via block attributes that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"gallerycreator","product":"SimpLy Gallery","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.3.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L142","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L151","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/tags/3.3.2.2/blocks/init.php#L95","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L142","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L151","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/blocks/init.php#L95","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3581386%40simply-gallery-block&new=3581386%40simply-gallery-block","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/29b1984d-e6da-49d5-8b40-cdf2f1bcc1bb?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7544","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:23.993","lastModified":"2026-07-11T04:17:23.993","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data including Mux API credentials."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"2coders","product":"Mux Video Uploader","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/tags/1.1.4/includes/functions.php#L668","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/tags/1.1.4/includes/functions.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/trunk/includes/functions.php#L668","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/2coders-integration-mux-video/trunk/includes/functions.php#L672","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3543763%402coders-integration-mux-video&new=3543763%402coders-integration-mux-video","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e462a7ba-887c-408d-87a6-9260a33dcff5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-8678","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T04:17:26.903","lastModified":"2026-07-11T04:17:26.903","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to view and modify shipment options — including carrier, delivery type, package type, number of labels, weight, signature requirement, and insurance — on any arbitrary order."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"richardperdaan","product":"MyParcel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.25.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.24.3/includes/admin/class-wcmypa-admin.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.24.3/includes/admin/class-wcmypa-admin.php#L653","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.24.3/includes/admin/class-wcmypa-admin.php#L872","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.25.1/includes/admin/class-wcmypa-admin.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.25.1/includes/admin/class-wcmypa-admin.php#L653","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-myparcel/tags/4.25.1/includes/admin/class-wcmypa-admin.php#L872","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3585914%40woocommerce-myparcel&new=3585914%40woocommerce-myparcel","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1a7bdae1-b28a-4fc6-9538-944ffeb32796?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2025-13968","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:30.190","lastModified":"2026-07-11T05:16:30.190","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"starboardsuite","product":"Starboard Suite Reservation Calendars","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/starboard-suite-reservation-calendars/tags/3.0.0/starboard-suite.php#L64","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/starboard-suite-reservation-calendars/tags/3.0.0/starboard-suite.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/starboard-suite-reservation-calendars/trunk/starboard-suite.php#L64","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/starboard-suite-reservation-calendars/trunk/starboard-suite.php#L78","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3551037%40starboard-suite-reservation-calendars&new=3551037%40starboard-suite-reservation-calendars","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e8a3628-b7cf-4f1a-89dc-d7e58257b2e4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12141","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.000","lastModified":"2026-07-11T05:16:32.000","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_tooltip_text' parameter in all versions up to, and including, 4.11.84 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The injected payload is specifically triggered when an administrator or higher-privileged user opens the affected post in the Elementor editor, as the raw unescaped output occurs via the print_template() method registered on the 'elementor/section/print_template' hook rather than on the public-facing frontend."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"leap13","product":"Premium Addons for Elementor – Powerful Elementor Templates & Widgets","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.11.84","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.82/addons/tooltips.php#L251","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.82/addons/tooltips.php#L68","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.11.82/addons/tooltips.php#L984","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3597629%40premium-addons-for-elementor&new=3597629%40premium-addons-for-elementor","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/867a0742-4fa9-4473-8d51-9abb6ec353a8?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13116","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.123","lastModified":"2026-07-11T05:16:32.123","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generate_document_shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to mint publicly accessible, session-free download links for arbitrary third-party orders, exposing customer names, billing and shipping addresses, email addresses, phone numbers, order and invoice numbers, line items, totals, payment details, and customer notes contained in those orders' invoices and packing slips. Exploitation requires the plugin's Document link access type setting to be configured to 'full'; with the default 'logged_in' value, generated URLs are signed with a per-session nonce rather than the order_key, making the shortcode path unexploitable for unauthorized access to third-party orders."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpovernight","product":"PDF Invoices & Packing Slips for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.14.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.14.0/includes/Endpoint.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.14.0/includes/Frontend.php#L271","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.14.0/includes/Frontend.php#L284","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.9.2/includes/Endpoint.php#L111","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.9.2/includes/Frontend.php#L271","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woocommerce-pdf-invoices-packing-slips/tags/5.9.2/includes/Frontend.php#L284","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3590578%40woocommerce-pdf-invoices-packing-slips&new=3590578%40woocommerce-pdf-invoices-packing-slips","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6525195e-5d90-4dd4-b9ee-612a8295c262?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-13250","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.243","lastModified":"2026-07-11T05:16:32.243","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete all content previously imported via the Starter Template feature, including posts, pages, media attachments, WooCommerce products, taxonomy terms, and sitebuilder templates. The required nonce is emitted on every wp-admin page via wp_localize_script() hooked to admin_enqueue_scripts without a page guard, meaning any Subscriber visiting /wp-admin/profile.php can obtain it; the handler is additionally registered via wp_ajax_nopriv_, making it reachable by fully unauthenticated users as well."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"solacewp","product":"Solace Extra","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.5.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.1/admin/class-solace-extra-admin.php#L287","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.1/admin/import.php#L1424","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.1/includes/class-solace-extra.php#L313","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.3/admin/class-solace-extra-admin.php#L287","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.3/admin/import.php#L1424","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/solace-extra/tags/1.5.3/includes/class-solace-extra.php#L313","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3593408%40solace-extra&new=3593408%40solace-extra","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/860747b9-46ab-4c97-af36-f2e104043be0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14262","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.367","lastModified":"2026-07-11T05:16:32.367","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists because `AuthenticateService::generatePayload()` only overwrites JWT payload keys whose names appear in the admin-configured `jwt_payload` list — leaving any attacker-supplied identity claims such as `email`, `id`, or `username` intact and signed into the JWT with the site's HS256 secret. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an Administrator by injecting a target administrator's email address into the `payload` parameter at the `/wp-json/simple-jwt-login/v1/auth` endpoint, then redeeming the resulting JWT at the `/autologin` endpoint to obtain a fully authenticated session as that administrator."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"nicu_m","product":"Simple JWT Login – Allows you to use JWT on REST endpoints.","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.6.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/AuthenticateService.php#L163","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/AuthenticateService.php#L34","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/BaseService.php#L269","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/LoginService.php#L62","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3597277%40simple-jwt-login&new=3597277%40simple-jwt-login","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd97a7a4-9f57-4882-9e3e-0e9853416af9?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15096","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.670","lastModified":"2026-07-11T05:16:32.670","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b_width_map' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themifyme","product":"Themify Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.7.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/classes/class-builder-data-manager.php#L154","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/classes/class-themify-builder-active.php#L559","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/templates/template-map.php#L143","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601964%40themify-builder&new=3601964%40themify-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/72131ba4-976b-4f89-9a69-2469f22eb5fd?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15097","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.793","lastModified":"2026-07-11T05:16:32.793","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'height_slider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themifyme","product":"Themify Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.7.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/classes/class-builder-data-manager.php#L154","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/classes/class-builder-data-manager.php#L402","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/classes/class-themify-builder-active.php#L559","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themify-builder/tags/7.7.6/templates/template-slider.php#L107","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3601964%40themify-builder&new=3601964%40themify-builder","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/03721b29-7b26-4166-bba1-81614b412a09?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15335","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:32.923","lastModified":"2026-07-11T05:16:32.923","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all versions up to, and including, 1.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerable REST API endpoint /wp-json/booking-package/v1/request is registered with permission_callback: __return_true and wp_magic_quotes does not apply to REST-sourced $_POST values, meaning single quotes in the payload reach the SQL sink intact without any authentication requirement. The impact of this is severely limited as the vulnerable parameter goes through is_email."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"masaakitanaka","product":"Booking Package","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.7.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.18/index.php#L243","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.18/index.php#L4381","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.18/lib/Schedule.php#L12793","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.18/lib/Schedule.php#L9365","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.20/index.php#L243","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.20/index.php#L4381","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.20/lib/Schedule.php#L12793","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/booking-package/tags/1.7.20/lib/Schedule.php#L9365","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3602166%40booking-package&new=3602166%40booking-package","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc86a29-cb1f-4711-925c-51dbbf682477?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-1832","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:33.043","lastModified":"2026-07-11T05:16:33.043","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedesk_clear_cache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"thrivedesk","product":"Agentic Help Desk Plugin for WordPress – Live Chat, AI Chatbot & Ticketing – ThriveDesk","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.1.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://cwe.mitre.org/data/definitions/862.html","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/thrivedesk/tags/2.1.5/includes/helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/thrivedesk/tags/2.2.0/includes/helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/thrivedesk/trunk/includes/helper.php#L238","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3512748%40thrivedesk&new=3512748%40thrivedesk","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ec4bc1d4-2f14-4f3e-85ed-8737c56f905c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-2354","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:33.777","lastModified":"2026-07-11T05:16:33.777","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` function in all versions up to, and including, 1.4.6. The `upload_extension_files()` function hooks into WordPress's `wp_check_filetype_and_ext` filter and uses `strpos()` to check if a filename contains a configured extension string, rather than verifying the actual file extension. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files (including PHP) on the affected site's server which may make remote code execution possible, granted the \"Enhanced Multi-Format Image Support\" feature is enabled with at least one extension (e.g., avif) in the allowed formats."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpmessiah","product":"Swiss Toolkit For WP","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/tags/1.4.2/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/tags/1.4.2/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L95","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php#L95","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/06bccd2e-6891-433a-9f5b-3ec0c30afef4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3552","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:33.897","lastModified":"2026-07-11T05:16:33.897","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajax_import_410() function in all versions up to 2.6.0. This is due to a missing capability check (current_user_can()) and missing nonce verification (check_ajax_referer()) in the ajax_import_410() function, while all other AJAX handlers in the same class (ajax_add_single_410, ajax_save_editted_410, ajax_delete_410, ajax_bulk_410_delete, ajax_empty_410, ajax_export_410) properly implement both authorization and nonce checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import arbitrary URLs into the 410 Gone database table via the surfl_import_410 AJAX action. Injected URLs will cause the site to return HTTP 410 Gone responses to all visitors accessing those paths, potentially causing denial of service for legitimate pages and SEO damage through search engine delisting."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"surflabtech","product":"SurfLink – Link Manager & Backup Restore","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.6.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/surflink/tags/2.4.1/includes/class-surfl-410.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/tags/2.4.1/includes/class-surfl-410.php#L513","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/tags/2.4.1/includes/class-surfl-410.php#L585","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/trunk/includes/class-surfl-410.php#L32","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/trunk/includes/class-surfl-410.php#L513","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/surflink/trunk/includes/class-surfl-410.php#L585","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3542304%40surflink&new=3542304%40surflink","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/22e0060d-7852-4326-98bc-1c49bebe6205?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3576","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.013","lastModified":"2026-07-11T05:16:34.013","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and including, 3.0. The ulap.php file acts as an AJAX proxy and is directly accessible without WordPress bootstrapping or any authentication. The send_http_post() function validates the host of the provided URL against an allowlist that includes 'localhost', but critically fails to validate the URL scheme/protocol. This makes it possible for unauthenticated attackers to supply a file:// URL (e.g., file://localhost/etc/passwd) which bypasses the host allowlist check because parse_url() returns 'localhost' as the host. The URL is then passed to curl_init() or fopen(), both of which support the file:// protocol, allowing the attacker to read arbitrary local files on the server and have their contents returned in the HTTP response. This can lead to disclosure of sensitive files such as /etc/passwd, wp-config.php (containing database credentials and authentication keys), and other server-side files."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"xtreeme","product":"Planyo online reservation system","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L120","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/tags/2.7/ulap.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L118","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L120","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L59","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/planyo-online-reservation-system/trunk/ulap.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3488647%40planyo-online-reservation-system&new=3488647%40planyo-online-reservation-system","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5038d12a-e119-4ab7-aadc-69b765ae7027?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6803","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.430","lastModified":"2026-07-11T05:16:34.430","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wp_ajax_ and wp_ajax_nopriv_ hooks, as the base controller's getPermissions() returns an empty array and neither removeGroup nor clear are added to getNoncedMethods(), causing the authorization gate to unconditionally return true for these actions. This makes it possible for unauthenticated attackers to delete specific records by ID or delete all records from any module's database table by unauthenticated attackers."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wupsales","product":"AI Copilot – Content Generator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/classes/controller.php#L112","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/classes/controller.php#L133","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/classes/controller.php#L142","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/classes/frame.php#L283","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/classes/model.php#L173","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/classes/controller.php#L112","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/classes/controller.php#L133","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/classes/controller.php#L142","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/classes/frame.php#L283","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/classes/model.php#L173","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3582369%40ai-copilot-content-generator&new=3582369%40ai-copilot-content-generator","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/080740e3-ca04-48b4-8b34-64f5e42b1185?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6804","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.553","lastModified":"2026-07-11T05:16:34.553","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to publish draft WordPress posts, exposing unpublished content, or unpublish live content, causing service disruption, by supplying arbitrary scenario IDs."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wupsales","product":"AI Copilot – Content Generator","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/classes/frame.php#L283","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/modules/workspace/controller.php#L130","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/modules/workspace/controller.php#L141","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/tags/1.4.6/modules/workspace/controller.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/classes/frame.php#L283","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/modules/workspace/controller.php#L130","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/modules/workspace/controller.php#L141","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/ai-copilot-content-generator/trunk/modules/workspace/controller.php#L9","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3582369%40ai-copilot-content-generator&new=3582369%40ai-copilot-content-generator","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b6d8ea0b-3c54-4d9d-8f14-2055510f3119?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7559","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.673","lastModified":"2026-07-11T05:16:34.673","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.3.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to approve or reject affiliate referrals, credit commissions to affiliate wallets, delete referral records, and modify custom banner plugin options, enabling financial fraud. The nonce required to pass the only authentication check is embedded in every frontend page load via rtwalwm_global_params.rtwalwm_nonce, making it trivially accessible to any authenticated user regardless of role."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"redefiningtheweb","product":"Affiliate Program & Referral Tracking for WooCommerce & WordPress – Affilia","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L660","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L742","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L812","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L837","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/tags/3.3.3/public/rtwalwm-class-wp-wc-affiliate-program-public.php#L127","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L660","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L742","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L812","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/admin/rtwalwm-class-wp-wc-affiliate-program-admin.php#L837","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/affiliaa-affiliate-program-with-mlm/trunk/public/rtwalwm-class-wp-wc-affiliate-program-public.php#L127","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3542527%40affiliaa-affiliate-program-with-mlm&new=3542527%40affiliaa-affiliate-program-with-mlm","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/85a37373-a97f-44b7-a743-bbaaa0056a6c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-7620","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.790","lastModified":"2026-07-11T05:16:34.790","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthorized manipulation of the plugin's background task scheduling logic."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rainafarai","product":"Notification for Telegram","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.5.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5.1/include/nftncron.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5.1/include/nftncron.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5.1/include/nftncron.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5/include/nftncron.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5/include/nftncron.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/tags/3.5/include/nftncron.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/trunk/include/nftncron.php#L122","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/trunk/include/nftncron.php#L126","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/notification-for-telegram/trunk/include/nftncron.php#L94","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3524838%40notification-for-telegram&new=3524838%40notification-for-telegram","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/01055be6-42ae-405f-9c8b-7acf5297867e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9738","sourceIdentifier":"security@wordfence.com","published":"2026-07-11T05:16:34.910","lastModified":"2026-07-11T05:16:34.910","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and including, 5.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"printfriendly","product":"Print, PDF & Email by PrintFriendly","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.5.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.10/pf.php#L367","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.10/pf.php#L391","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.10/pf.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.8/pf.php#L367","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.8/pf.php#L391","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/printfriendly/tags/5.5.8/pf.php#L681","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3590593%40printfriendly&new=3590593%40printfriendly","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/43d54cb5-7813-4d30-a081-db84e0d29030?source=cve","source":"security@wordfence.com"}]}}]}