Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21925
Total
1562
Critical
6664
High
7012
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2018-25437 | HIGH | 7.5 | WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can … | Jun 15, 2026 |
| CVE-2018-25436 | CRITICAL | 9.8 | WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php … | Jun 15, 2026 |
| CVE-2016-20084 | HIGH | 7.2 | WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php … | Jun 15, 2026 |
| CVE-2016-20083 | MEDIUM | 5.3 | WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can … | Jun 15, 2026 |
| CVE-2016-20082 | MEDIUM | 6.2 | WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send … | Jun 15, 2026 |
| CVE-2016-20081 | HIGH | 7.5 | WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. … | Jun 15, 2026 |
| CVE-2016-20080 | MEDIUM | 6.2 | WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating … | Jun 15, 2026 |
| CVE-2016-20079 | MEDIUM | 6.2 | WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. … | Jun 15, 2026 |
| CVE-2016-20078 | MEDIUM | 6.2 | WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers … | Jun 15, 2026 |
| CVE-2016-20077 | MEDIUM | 6.2 | WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in … | Jun 15, 2026 |
| CVE-2016-20076 | HIGH | 7.5 | WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters … | Jun 15, 2026 |
| CVE-2016-20075 | HIGH | 8.8 | WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious … | Jun 15, 2026 |
| CVE-2016-20074 | MEDIUM | 4.3 | WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers … | Jun 15, 2026 |
| CVE-2016-20073 | HIGH | 8.2 | Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … | Jun 15, 2026 |
| CVE-2016-20072 | HIGH | 8.2 | BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … | Jun 15, 2026 |
| CVE-2016-20071 | HIGH | 8.2 | The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by … | Jun 15, 2026 |
| CVE-2016-20070 | MEDIUM | 6.4 | WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious … | Jun 15, 2026 |
| CVE-2016-20069 | HIGH | 8.2 | WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before … | Jun 15, 2026 |
| CVE-2016-20068 | HIGH | 8.2 | WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting … | Jun 15, 2026 |
| CVE-2016-20067 | MEDIUM | 4.3 | WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft … | Jun 15, 2026 |
| CVE-2016-20066 | HIGH | 7.2 | WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload … | Jun 15, 2026 |
| CVE-2026-5482 | UNKNOWN | — | Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This … | Jun 15, 2026 |
| CVE-2026-49757 | UNKNOWN | — | Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the … | Jun 15, 2026 |
| CVE-2026-34030 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used … | Jun 15, 2026 |
| CVE-2026-34029 | UNKNOWN | — | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse … | Jun 15, 2026 |