Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10648
Total
723
Critical
3075
High
3393
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-7616 | MEDIUM | 4.3 | The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing … | May 12, 2026 |
| CVE-2026-7562 | MEDIUM | 4.3 | The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence … | May 12, 2026 |
| CVE-2026-7561 | MEDIUM | 6.1 | The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due … | May 12, 2026 |
| CVE-2026-7464 | MEDIUM | 6.1 | The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `page` parameter in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-7437 | MEDIUM | 6.1 | The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_hidden` parameter in all versions up to, and including, 1.3. This is … | May 12, 2026 |
| CVE-2026-7050 | MEDIUM | 4.3 | The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin … | May 12, 2026 |
| CVE-2026-6932 | MEDIUM | 4.3 | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due … | May 12, 2026 |
| CVE-2026-6913 | MEDIUM | 6.4 | The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to … | May 12, 2026 |
| CVE-2026-6808 | MEDIUM | 6.1 | The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-6710 | MEDIUM | 4.3 | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due … | May 12, 2026 |
| CVE-2026-6709 | MEDIUM | 4.3 | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due … | May 12, 2026 |
| CVE-2026-6708 | MEDIUM | 5.3 | The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is … | May 12, 2026 |
| CVE-2026-6690 | HIGH | 7.2 | The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, … | May 12, 2026 |
| CVE-2026-6663 | MEDIUM | 4.8 | The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is … | May 12, 2026 |
| CVE-2026-6402 | MEDIUM | 5.3 | webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. … | May 12, 2026 |
| CVE-2026-6256 | MEDIUM | 6.4 | The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, … | May 12, 2026 |
| CVE-2026-6247 | MEDIUM | 6.4 | The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up … | May 12, 2026 |
| CVE-2026-6237 | MEDIUM | 6.4 | The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, … | May 12, 2026 |
| CVE-2026-5715 | MEDIUM | 6.4 | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, … | May 12, 2026 |
| CVE-2026-5693 | MEDIUM | 5.3 | The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation … | May 12, 2026 |
| CVE-2026-5340 | MEDIUM | 6.4 | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-5028 | MEDIUM | 6.5 | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action … | May 12, 2026 |
| CVE-2026-4920 | MEDIUM | 6.4 | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 … | May 12, 2026 |
| CVE-2026-4859 | MEDIUM | 6.4 | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up … | May 12, 2026 |
| CVE-2026-4663 | MEDIUM | 5.3 | The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. This is due to the plugin … | May 12, 2026 |