Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21148
Total
1520
Critical
6441
High
6722
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-9184 | MEDIUM | 4.3 | The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_lb24_token() … | Jun 24, 2026 |
| CVE-2026-9183 | MEDIUM | 4.3 | The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is … | Jun 24, 2026 |
| CVE-2026-9179 | HIGH | 7.5 | The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/wp/v3/post/list REST endpoint in versions up to … | Jun 24, 2026 |
| CVE-2026-9178 | HIGH | 7.5 | The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST … | Jun 24, 2026 |
| CVE-2026-9175 | MEDIUM | 5.3 | The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.2.0. … | Jun 24, 2026 |
| CVE-2026-9172 | MEDIUM | 5.3 | The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to unauthorized modification/deletion of data due to a missing capability check … | Jun 24, 2026 |
| CVE-2026-8905 | MEDIUM | 6.1 | The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to … | Jun 24, 2026 |
| CVE-2026-8896 | MEDIUM | 6.4 | The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute (and other attributes such as 'ready_animation_text') of … | Jun 24, 2026 |
| CVE-2026-8865 | MEDIUM | 6.4 | The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23_qr' shortcode in all versions up to, and … | Jun 24, 2026 |
| CVE-2026-8705 | HIGH | 7.5 | The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]` POST parameter of the `clearsale_total_push` AJAX action in all versions up … | Jun 24, 2026 |
| CVE-2026-8690 | MEDIUM | 5.3 | The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.4.1. This is due … | Jun 24, 2026 |
| CVE-2026-8688 | MEDIUM | 4.3 | The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to … | Jun 24, 2026 |
| CVE-2026-8628 | MEDIUM | 6.1 | The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient … | Jun 24, 2026 |
| CVE-2026-8622 | MEDIUM | 6.1 | The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Server Variable in all versions up to, and including, … | Jun 24, 2026 |
| CVE-2026-8617 | MEDIUM | 5.3 | The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to … | Jun 24, 2026 |
| CVE-2026-8614 | MEDIUM | 4.3 | The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the assistio_plugin_delete_assistio_settings() … | Jun 24, 2026 |
| CVE-2026-7617 | MEDIUM | 5.3 | The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not … | Jun 24, 2026 |
| CVE-2026-6292 | MEDIUM | 4.3 | The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This is … | Jun 24, 2026 |
| CVE-2026-4297 | HIGH | 8.8 | The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0.0.31. This is due to … | Jun 24, 2026 |
| CVE-2026-13006 | UNKNOWN | — | ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.34 in Java applications, allows an attacker to execute arbitrary … | Jun 24, 2026 |
| CVE-2026-12417 | CRITICAL | 9.8 | The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in versions up to, … | Jun 24, 2026 |
| CVE-2026-12416 | CRITICAL | 9.8 | The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is due … | Jun 24, 2026 |
| CVE-2026-12100 | HIGH | 7.2 | The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0 via the 'url' parameter. This … | Jun 24, 2026 |
| CVE-2026-12095 | HIGH | 7.2 | The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'api_url' parameter. This … | Jun 24, 2026 |
| CVE-2026-12094 | MEDIUM | 5.3 | The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on … | Jun 24, 2026 |