Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23329
Total
1657
Critical
7330
High
7410
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8991 | MEDIUM | 4.4 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings … | Jun 06, 2026 |
| CVE-2026-8978 | MEDIUM | 4.9 | The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter … | Jun 06, 2026 |
| CVE-2026-8502 | MEDIUM | 5.3 | The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up … | Jun 06, 2026 |
| CVE-2026-7796 | MEDIUM | 6.4 | The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting … | Jun 06, 2026 |
| CVE-2026-7795 | MEDIUM | 6.4 | The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions … | Jun 06, 2026 |
| CVE-2026-7792 | MEDIUM | 5.3 | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of … | Jun 06, 2026 |
| CVE-2026-7665 | MEDIUM | 5.3 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and … | Jun 06, 2026 |
| CVE-2026-7566 | MEDIUM | 6.6 | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via … | Jun 06, 2026 |
| CVE-2026-7565 | MEDIUM | 4.9 | The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and … | Jun 06, 2026 |
| CVE-2026-7537 | HIGH | 7.2 | The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. … | Jun 06, 2026 |
| CVE-2026-2500 | MEDIUM | 4.4 | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` … | Jun 06, 2026 |
| CVE-2026-9281 | MEDIUM | 6.4 | The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Jun 06, 2026 |
| CVE-2026-9008 | MEDIUM | 4.3 | The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() function … | Jun 06, 2026 |
| CVE-2026-8901 | HIGH | 7.2 | The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form … | Jun 06, 2026 |
| CVE-2026-8438 | HIGH | 7.2 | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This … | Jun 06, 2026 |
| CVE-2026-9719 | MEDIUM | 4.3 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and … | Jun 06, 2026 |
| CVE-2026-9290 | HIGH | 7.5 | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and … | Jun 06, 2026 |
| CVE-2026-8976 | MEDIUM | 4.3 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in … | Jun 06, 2026 |
| CVE-2026-8900 | MEDIUM | 6.4 | The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due … | Jun 06, 2026 |
| CVE-2026-8893 | MEDIUM | 6.4 | The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up … | Jun 06, 2026 |
| CVE-2026-8608 | MEDIUM | 5.3 | The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and … | Jun 06, 2026 |
| CVE-2026-7047 | MEDIUM | 4.3 | The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to … | Jun 06, 2026 |
| CVE-2026-6448 | MEDIUM | 4.9 | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' … | Jun 06, 2026 |
| CVE-2026-6242 | UNKNOWN | — | An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting … | Jun 06, 2026 |
| CVE-2026-6241 | UNKNOWN | — | An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without … | Jun 06, 2026 |