Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10238
Total
701
Critical
2952
High
3222
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6271 | CRITICAL | 9.8 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. … | May 14, 2026 |
| CVE-2026-6252 | MEDIUM | 6.4 | The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-6225 | MEDIUM | 6.5 | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' … | May 14, 2026 |
| CVE-2026-5395 | HIGH | 8.2 | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all … | May 14, 2026 |
| CVE-2026-5365 | MEDIUM | 4.3 | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce … | May 14, 2026 |
| CVE-2026-5193 | MEDIUM | 6.5 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and … | May 14, 2026 |
| CVE-2026-3892 | HIGH | 8.1 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-3718 | HIGH | 7.2 | The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-3694 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up … | May 14, 2026 |
| CVE-2026-8280 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-8181 | CRITICAL | 9.8 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is … | May 14, 2026 |
| CVE-2026-8144 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7481 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7471 | LOW | 3.5 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7377 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable … | May 14, 2026 |
| CVE-2026-6883 | LOW | 2.6 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-6417 | MEDIUM | 6.1 | The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-6335 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user … | May 14, 2026 |
| CVE-2026-6073 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-6063 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain … | May 14, 2026 |
| CVE-2026-5396 | HIGH | 8.2 | The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due … | May 14, 2026 |
| CVE-2026-5243 | MEDIUM | 6.4 | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting … | May 14, 2026 |
| CVE-2026-4527 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-4524 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-3829 | MEDIUM | 5.4 | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized … | May 14, 2026 |