CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

Total: 20386
Critical: 1466
High: 6177
Medium: 6480

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12732 | MEDIUM | 6.4 | The LearnPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_wrapper_form' shortcode attribute in versions up to, and including, 4.4.0. This is … | Jul 01, 2026 |
| CVE-2026-12577 | UNKNOWN | | DVP80ES3 with Improperly Implemented Security Check for Standard vulnerability. | Jul 01, 2026 |
| CVE-2026-12576 | HIGH | 7.5 | DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability. | Jul 01, 2026 |
| CVE-2026-12575 | HIGH | 7.5 | DVP80ES3 with Improper Resource Shutdown or Release vulnerability. | Jul 01, 2026 |
| CVE-2026-12435 | MEDIUM | 4.3 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.111. … | Jul 01, 2026 |
| CVE-2026-12408 | MEDIUM | 4.3 | The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions … | Jul 01, 2026 |
| CVE-2026-12224 | HIGH | 8.8 | The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, 5.0.4. This is … | Jul 01, 2026 |
| CVE-2026-12158 | HIGH | 8.8 | The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This … | Jul 01, 2026 |
| CVE-2026-11387 | CRITICAL | 9.8 | The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account … | Jul 01, 2026 |
| CVE-2026-10540 | MEDIUM | 5.6 | The Control-M/Enterprise Manager uses weak protections for stored hashes of account passwords, potentially allowing offline password recovery attacks if credential data is obtained by an … | Jul 01, 2026 |
| CVE-2026-10539 | CRITICAL | 9.0 | A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized … | Jul 01, 2026 |
| CVE-2026-10538 | HIGH | 8.0 | Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions … | Jul 01, 2026 |
| CVE-2026-10096 | MEDIUM | 4.3 | The Qi Blocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.9 via the 'page_id' parameter … | Jul 01, 2026 |
| CVE-2026-1239 | HIGH | 7.5 | The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a … | Jul 01, 2026 |
| CVE-2026-14193 | HIGH | 7.5 | DVP80ES300T with Improper Validation of Array Index Vulnerability | Jul 01, 2026 |
| CVE-2026-12579 | HIGH | 7.4 | AS228T with Authentication Bypass Vulnerability | Jul 01, 2026 |
| CVE-2026-11887 | MEDIUM | 4.3 | The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such … | Jul 01, 2026 |
| CVE-2026-11883 | HIGH | 7.2 | The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a … | Jul 01, 2026 |
| CVE-2026-11880 | LOW | 3.1 | The Fluent Forms WordPress plugin before 6.2.1 does not properly verify ownership before processing a subscription cancellation request, allowing authenticated users with a low-privilege account … | Jul 01, 2026 |
| CVE-2026-11823 | HIGH | 7.5 | The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assign_staffmember_to_slots() function in versions up to … | Jul 01, 2026 |
| CVE-2026-11794 | HIGH | 8.1 | The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a … | Jul 01, 2026 |
| CVE-2026-11570 | MEDIUM | 4.2 | The User Submitted Posts WordPress plugin before 20260608 does not escape a submitted value before outputting it in an admin-configured display template, leading to a … | Jul 01, 2026 |
| CVE-2026-11568 | HIGH | 7.5 | The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public … | Jul 01, 2026 |
| CVE-2026-11562 | MEDIUM | 4.3 | The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level … | Jul 01, 2026 |
| CVE-2026-10750 | HIGH | 8.1 | The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users … | Jul 01, 2026 |