CVE-2026-57409 is a Cross-site Scripting vulnerability in Active Products Tables for WooCommerce, a WordPress plugin. The vulnerability, known as DOM-Based XSS, arises from improper neutralization of input during web page generation. The CVE record was published on 2026-07-13T10:16:34.650Z and has not been modified since then. Users of Active Products Tables for WooCommerce plugin version 1.1.0 or earlier [truncated]
CVE-2026-39574 is a critical vulnerability in the InPost Gallery plugin for WordPress, affecting versions up to and including 2.1.4.6. This vulnerability allows unauthenticated attackers to inject malicious SQL code, potentially leading to data breaches or other security issues. The vulnerability has a CVSS score of 9.3, indicating a high severity level.
A medium-severity authorization bypass vulnerability in the FOX – Currency Switcher Professional for WooCommerce plugin allows authenticated attackers with Subscriber-level access or higher to impersonate privileged roles and obtain unauthorized pricing. The flaw exists in the `get_value()` function within `classes/fixed/fixed_user_role.php`, which trusts the attacker-controlled `$_REQUEST['wooc_order_use [truncated]