The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4. This vulnerability allows unauthenticated attackers to append additional SQL queries into existing queries, potentially leading to sensitive information disclosure. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severit [truncated]
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in weDevs WooCommerce Conversion Tracking, affecting versions from n/a through 2.0.10. This vulnerability has been assigned a CVSS score of 4.3, indicating a Medium severity level. The vulnerability allows an attacker to perform Cross-Site Request Forgery (CSRF) attacks.
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user [truncated]
CVE-2026-4834 describes an unauthenticated SQL injection in the WP ERP Pro plugin for WordPress affecting all versions up to and including 1.5.1. The issue is tied to insufficient escaping and insufficient query preparation for the user-supplied search_key parameter. Because the flaw can be reached without authentication and is associated with high confidentiality impact, it should be treated as a priorit [truncated]