Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4142 | MEDIUM | 4.4 | The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions … | Apr 22, 2026 |
| CVE-2026-4140 | MEDIUM | 4.3 | The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due … | Apr 22, 2026 |
| CVE-2026-4139 | MEDIUM | 4.3 | The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete … | Apr 22, 2026 |
| CVE-2026-4138 | MEDIUM | 4.3 | The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to … | Apr 22, 2026 |
| CVE-2026-4133 | MEDIUM | 4.3 | The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to … | Apr 22, 2026 |
| CVE-2026-4132 | HIGH | 7.2 | The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up … | Apr 22, 2026 |
| CVE-2026-4131 | MEDIUM | 6.1 | The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.4. This is … | Apr 22, 2026 |
| CVE-2026-4128 | MEDIUM | 4.3 | The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, … | Apr 22, 2026 |
| CVE-2026-4126 | MEDIUM | 4.3 | The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The … | Apr 22, 2026 |
| CVE-2026-4125 | MEDIUM | 6.4 | The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to and including 1.0.1. … | Apr 22, 2026 |
| CVE-2026-4121 | MEDIUM | 4.3 | The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce … | Apr 22, 2026 |
| CVE-2026-4119 | CRITICAL | 9.1 | The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up to and including 1.2.1. The plugin registers admin_post action … | Apr 22, 2026 |
| CVE-2026-4118 | MEDIUM | 4.3 | The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due … | Apr 22, 2026 |
| CVE-2026-4117 | MEDIUM | 5.3 | The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability … | Apr 22, 2026 |
| CVE-2026-4090 | MEDIUM | 6.1 | The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing … | Apr 22, 2026 |
| CVE-2026-4089 | MEDIUM | 6.4 | The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including … | Apr 22, 2026 |
| CVE-2026-4088 | MEDIUM | 6.4 | The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_cta_box' shortcode in all versions up to, and including, 1.1. … | Apr 22, 2026 |
| CVE-2026-4085 | MEDIUM | 6.4 | The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper_class' shortcode attribute of the 'my-instagram-feed' shortcode in all … | Apr 22, 2026 |
| CVE-2026-4082 | MEDIUM | 6.4 | The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swiffy] shortcode in all versions up to and including 1.0.0. … | Apr 22, 2026 |
| CVE-2026-4076 | MEDIUM | 6.4 | The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to … | Apr 22, 2026 |
| CVE-2026-4074 | MEDIUM | 6.4 | The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, … | Apr 22, 2026 |
| CVE-2026-3362 | MEDIUM | 4.4 | The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and … | Apr 22, 2026 |
| CVE-2026-31433 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get_file_all_info() for compound requests When a compound request consists of … | Apr 22, 2026 |
| CVE-2026-31432 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_INFO for compound requests When a compound request such as … | Apr 22, 2026 |
| CVE-2026-31431 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the … | Apr 22, 2026 |