Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20648
Total
1489
Critical
6270
High
6549
Medium
CVE ID Severity Score Description Published
CVE-2026-12471 MEDIUM 4.3 The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, … Jun 27, 2026
CVE-2026-12432 MEDIUM 5.3 The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_failed_payment_status AJAX action. … Jun 27, 2026
CVE-2026-12399 MEDIUM 4.4 The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions … Jun 27, 2026
CVE-2026-11987 MEDIUM 4.3 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference … Jun 27, 2026
CVE-2026-11783 MEDIUM 6.4 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … Jun 27, 2026
CVE-2026-11773 MEDIUM 4.3 The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … Jun 27, 2026
CVE-2026-11597 MEDIUM 6.4 The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. … Jun 27, 2026
CVE-2026-11364 MEDIUM 4.3 The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. … Jun 27, 2026
CVE-2026-9677 UNKNOWN The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML … Jun 27, 2026
CVE-2026-13245 MEDIUM 6.1 The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, … Jun 27, 2026
CVE-2026-12404 MEDIUM 5.3 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This … Jun 27, 2026
CVE-2026-10820 UNKNOWN The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user … Jun 27, 2026
CVE-2026-12415 CRITICAL 9.8 The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up … Jun 27, 2026
CVE-2026-13422 MEDIUM 4.3 The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce … Jun 27, 2026
CVE-2026-13335 MEDIUM 6.4 The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, … Jun 27, 2026
CVE-2026-13333 MEDIUM 6.5 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, … Jun 27, 2026
CVE-2026-13331 MEDIUM 6.5 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up … Jun 27, 2026
CVE-2026-11356 MEDIUM 4.4 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings in all versions up … Jun 27, 2026
CVE-2025-59868 MEDIUM 5.5 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then … Jun 27, 2026
CVE-2023-37524 HIGH 7.7 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached … Jun 27, 2026
CVE-2026-56414 HIGH 7.2 A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating … Jun 26, 2026
CVE-2026-55975 HIGH 7.2 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which … Jun 26, 2026
CVE-2026-33560 HIGH 7.1 The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without … Jun 26, 2026
CVE-2026-31928 HIGH 8.1 The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration … Jun 26, 2026
CVE-2026-28701 CRITICAL 9.8 Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths. Jun 26, 2026