CVE-2026-54196 is a medium-severity vulnerability (CVSS Score: 6.8) affecting JetFormBuilder versions <= 3.6.1. This issue allows subscribers to escalate their privileges. The vulnerability was published on 2026-06-17T13:20:50.960Z and last modified on 2026-06-17T14:44:26.397Z. Users of affected versions should take immediate action to mitigate potential risks. The CVE record and NVD detail provide furthe [truncated]
CVE-2026-54195 is a HIGH severity vulnerability in JetFormBuilder versions <= 3.6.0.1. It allows unauthenticated Cross Site Scripting (XSS) attacks. The CVSS score is 7.1. The vulnerability was published on 2026-06-17T13:20:50.820Z and last modified on 2026-06-17T17:17:26.393Z. Users of affected versions should take immediate action to mitigate the risk.
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) in all versions up to and including 2.4.16. The vulnerability exists in the `action_get_event_data` functionality, which fails to validate user-controlled keys. Authenticated attackers with contributor-level access or higher can enumerate timeslot IDs and retrieve complete WP_Post ob [truncated]