Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21003
Total
1519
Critical
6392
High
6662
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-9643 | HIGH | 7.2 | The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and … | Jun 24, 2026 |
| CVE-2026-9620 | MEDIUM | 6.4 | The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, … | Jun 24, 2026 |
| CVE-2026-9619 | MEDIUM | 4.3 | The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due … | Jun 24, 2026 |
| CVE-2026-9616 | MEDIUM | 4.3 | The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin … | Jun 24, 2026 |
| CVE-2026-9612 | MEDIUM | 5.3 | The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via … | Jun 24, 2026 |
| CVE-2026-9184 | MEDIUM | 4.3 | The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() … | Jun 24, 2026 |
| CVE-2026-9183 | MEDIUM | 4.3 | The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is … | Jun 24, 2026 |
| CVE-2026-9179 | HIGH | 7.5 | The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to … | Jun 24, 2026 |
| CVE-2026-9178 | HIGH | 7.5 | The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST … | Jun 24, 2026 |
| CVE-2026-9175 | MEDIUM | 5.3 | The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. … | Jun 24, 2026 |
| CVE-2026-9172 | MEDIUM | 5.3 | The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check … | Jun 24, 2026 |
| CVE-2026-8905 | MEDIUM | 6.1 | The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to … | Jun 24, 2026 |
| CVE-2026-8896 | MEDIUM | 6.4 | The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute (and other attributes such as 'ready_animation_text') of … | Jun 24, 2026 |
| CVE-2026-8865 | MEDIUM | 6.4 | The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23_qr' shortcode in all versions up to, and … | Jun 24, 2026 |
| CVE-2026-8705 | HIGH | 7.5 | The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJAX action in all versions up … | Jun 24, 2026 |
| CVE-2026-8690 | MEDIUM | 5.3 | The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due … | Jun 24, 2026 |
| CVE-2026-8688 | MEDIUM | 4.3 | The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to … | Jun 24, 2026 |
| CVE-2026-8628 | MEDIUM | 6.1 | The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient … | Jun 24, 2026 |
| CVE-2026-8622 | MEDIUM | 6.1 | The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, … | Jun 24, 2026 |
| CVE-2026-8617 | MEDIUM | 5.3 | The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to … | Jun 24, 2026 |
| CVE-2026-8614 | MEDIUM | 4.3 | The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistio_plugin_delete_assistio_settings() … | Jun 24, 2026 |
| CVE-2026-7617 | MEDIUM | 5.3 | The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not … | Jun 24, 2026 |
| CVE-2026-6292 | MEDIUM | 4.3 | The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is … | Jun 24, 2026 |
| CVE-2026-4297 | HIGH | 8.8 | The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to … | Jun 24, 2026 |
| CVE-2026-13006 | UNKNOWN | — | ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, allows an attacker to execute arbitrary … | Jun 24, 2026 |