Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10692; Critical: 727; High: 3080; Medium: 3407

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5159 | MEDIUM | 6.4 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up … | May 05, 2026 |
| CVE-2026-4803 | HIGH | 7.2 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions … | May 05, 2026 |
| CVE-2026-4665 | MEDIUM | 6.4 | The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, … | May 05, 2026 |
| CVE-2026-3456 | HIGH | 7.5 | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in … | May 05, 2026 |
| CVE-2026-35228 | HIGH | 8.7 | Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. … | May 05, 2026 |
| CVE-2026-2948 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, … | May 05, 2026 |
| CVE-2026-6704 | MEDIUM | 6.1 | The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This … | May 05, 2026 |
| CVE-2026-6702 | MEDIUM | 6.1 | The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to … | May 05, 2026 |
| CVE-2026-6701 | MEDIUM | 4.3 | The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or … | May 05, 2026 |
| CVE-2026-6700 | MEDIUM | 4.3 | The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing … | May 05, 2026 |
| CVE-2026-6696 | MEDIUM | 6.1 | The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name', 'last_name', and 'phone' parameters on the plugin's sign-up admin … | May 05, 2026 |
| CVE-2026-6255 | MEDIUM | 6.4 | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up … | May 05, 2026 |
| CVE-2026-5505 | MEDIUM | 6.4 | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This … | May 05, 2026 |
| CVE-2026-5247 | MEDIUM | 5.5 | The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the [futureaction] shortcode in … | May 05, 2026 |
| CVE-2026-5100 | HIGH | 7.5 | The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due … | May 05, 2026 |
| CVE-2026-4730 | MEDIUM | 6.4 | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | May 05, 2026 |
| CVE-2026-4409 | MEDIUM | 6.5 | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a … | May 05, 2026 |
| CVE-2026-2868 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions … | May 05, 2026 |
| CVE-2026-1921 | MEDIUM | 4.9 | The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This … | May 05, 2026 |
| CVE-2025-13618 | CRITICAL | 9.8 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not … | May 05, 2026 |
| CVE-2026-5722 | CRITICAL | 9.8 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest … | May 05, 2026 |
| CVE-2026-44029 | MEDIUM | 5.3 | An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The … | May 05, 2026 |
| CVE-2026-44028 | HIGH | 7.5 | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap … | May 05, 2026 |
| CVE-2026-7788 | HIGH | 7.3 | A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a … | May 05, 2026 |
| CVE-2026-7785 | HIGH | 7.3 | A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command … | May 05, 2026 |