Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21925
Total
1562
Critical
6664
High
7012
Medium
CVE ID Severity Score Description Published
CVE-2018-25437 HIGH 7.5 WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the download_backup.php endpoint. Attackers can … Jun 15, 2026
CVE-2018-25436 CRITICAL 9.8 WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php … Jun 15, 2026
CVE-2016-20084 HIGH 7.2 WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php … Jun 15, 2026
CVE-2016-20083 MEDIUM 5.3 WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can … Jun 15, 2026
CVE-2016-20082 MEDIUM 6.2 WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send … Jun 15, 2026
CVE-2016-20081 HIGH 7.5 WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. … Jun 15, 2026
CVE-2016-20080 MEDIUM 6.2 WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating … Jun 15, 2026
CVE-2016-20079 MEDIUM 6.2 WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. … Jun 15, 2026
CVE-2016-20078 MEDIUM 6.2 WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers … Jun 15, 2026
CVE-2016-20077 MEDIUM 6.2 WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in … Jun 15, 2026
CVE-2016-20076 HIGH 7.5 WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters … Jun 15, 2026
CVE-2016-20075 HIGH 8.8 WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious … Jun 15, 2026
CVE-2016-20074 MEDIUM 4.3 WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers … Jun 15, 2026
CVE-2016-20073 HIGH 8.2 Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code … Jun 15, 2026
CVE-2016-20072 HIGH 8.2 BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through … Jun 15, 2026
CVE-2016-20071 HIGH 8.2 The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by … Jun 15, 2026
CVE-2016-20070 MEDIUM 6.4 WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious … Jun 15, 2026
CVE-2016-20069 HIGH 8.2 WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before … Jun 15, 2026
CVE-2016-20068 HIGH 8.2 WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting … Jun 15, 2026
CVE-2016-20067 MEDIUM 4.3 WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft … Jun 15, 2026
CVE-2016-20066 HIGH 7.2 WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload … Jun 15, 2026
CVE-2026-5482 UNKNOWN Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution. This … Jun 15, 2026
CVE-2026-49757 UNKNOWN Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the … Jun 15, 2026
CVE-2026-34030 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used … Jun 15, 2026
CVE-2026-34029 UNKNOWN The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse … Jun 15, 2026