Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-8991 MEDIUM 4.4 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings … Jun 06, 2026
CVE-2026-8978 MEDIUM 4.9 The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter … Jun 06, 2026
CVE-2026-8502 MEDIUM 5.3 The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up … Jun 06, 2026
CVE-2026-7796 MEDIUM 6.4 The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting … Jun 06, 2026
CVE-2026-7795 MEDIUM 6.4 The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions … Jun 06, 2026
CVE-2026-7792 MEDIUM 5.3 The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of … Jun 06, 2026
CVE-2026-7665 MEDIUM 5.3 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and … Jun 06, 2026
CVE-2026-7566 MEDIUM 6.6 The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via … Jun 06, 2026
CVE-2026-7565 MEDIUM 4.9 The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and … Jun 06, 2026
CVE-2026-7537 HIGH 7.2 The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. … Jun 06, 2026
CVE-2026-2500 MEDIUM 4.4 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` … Jun 06, 2026
CVE-2026-9281 MEDIUM 6.4 The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … Jun 06, 2026
CVE-2026-9008 MEDIUM 4.3 The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() function … Jun 06, 2026
CVE-2026-8901 HIGH 7.2 The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form … Jun 06, 2026
CVE-2026-8438 HIGH 7.2 The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This … Jun 06, 2026
CVE-2026-9719 MEDIUM 4.3 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and … Jun 06, 2026
CVE-2026-9290 HIGH 7.5 The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and … Jun 06, 2026
CVE-2026-8976 MEDIUM 4.3 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in … Jun 06, 2026
CVE-2026-8900 MEDIUM 6.4 The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due … Jun 06, 2026
CVE-2026-8893 MEDIUM 6.4 The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up … Jun 06, 2026
CVE-2026-8608 MEDIUM 5.3 The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and … Jun 06, 2026
CVE-2026-7047 MEDIUM 4.3 The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to … Jun 06, 2026
CVE-2026-6448 MEDIUM 4.9 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' … Jun 06, 2026
CVE-2026-6242 UNKNOWN An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting … Jun 06, 2026
CVE-2026-6241 UNKNOWN An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without … Jun 06, 2026