A critical SQL injection vulnerability was discovered in the GIFT4U plugin, affecting versions up to 1.0.10. This vulnerability allows for blind SQL injection, posing a significant risk to affected systems. The vulnerability was publicly disclosed on June 17, 2026, and has been rated with a CVSS score of 9.3, indicating a critical severity level. The vulnerability is caused by improper neutralization of s [truncated]
CVE-2026-39593 describes a missing-authorization flaw in the VillaTheme HAPPY WordPress plugin, affecting versions through 1.0.10. The issue is mapped to broken access control (CWE-862) and scored CVSS 6.5 (medium), with network attack conditions and no user interaction required. Because the source corpus does not provide a confirmed fixed version or a clear vendor ownership record, the safest stance is t [truncated]