Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21003
Total
1519
Critical
6392
High
6662
Medium
CVE ID Severity Score Description Published
CVE-2026-9643 HIGH 7.2 The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting via the REQUEST_URI server variable in all versions up to, and … Jun 24, 2026
CVE-2026-9620 MEDIUM 6.4 The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, … Jun 24, 2026
CVE-2026-9619 MEDIUM 4.3 The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due … Jun 24, 2026
CVE-2026-9616 MEDIUM 4.3 The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin … Jun 24, 2026
CVE-2026-9612 MEDIUM 5.3 The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via … Jun 24, 2026
CVE-2026-9184 MEDIUM 4.3 The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() … Jun 24, 2026
CVE-2026-9183 MEDIUM 4.3 The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is … Jun 24, 2026
CVE-2026-9179 HIGH 7.5 The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to … Jun 24, 2026
CVE-2026-9178 HIGH 7.5 The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST … Jun 24, 2026
CVE-2026-9175 MEDIUM 5.3 The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. … Jun 24, 2026
CVE-2026-9172 MEDIUM 5.3 The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check … Jun 24, 2026
CVE-2026-8905 MEDIUM 6.1 The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to … Jun 24, 2026
CVE-2026-8896 MEDIUM 6.4 The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute (and other attributes such as 'ready_animation_text') of … Jun 24, 2026
CVE-2026-8865 MEDIUM 6.4 The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23_qr' shortcode in all versions up to, and … Jun 24, 2026
CVE-2026-8705 HIGH 7.5 The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJAX action in all versions up … Jun 24, 2026
CVE-2026-8690 MEDIUM 5.3 The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due … Jun 24, 2026
CVE-2026-8688 MEDIUM 4.3 The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to … Jun 24, 2026
CVE-2026-8628 MEDIUM 6.1 The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient … Jun 24, 2026
CVE-2026-8622 MEDIUM 6.1 The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, … Jun 24, 2026
CVE-2026-8617 MEDIUM 5.3 The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to … Jun 24, 2026
CVE-2026-8614 MEDIUM 4.3 The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistio_plugin_delete_assistio_settings() … Jun 24, 2026
CVE-2026-7617 MEDIUM 5.3 The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not … Jun 24, 2026
CVE-2026-6292 MEDIUM 4.3 The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is … Jun 24, 2026
CVE-2026-4297 HIGH 8.8 The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to … Jun 24, 2026
CVE-2026-13006 UNKNOWN ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, allows an attacker to execute arbitrary … Jun 24, 2026