Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11346
Total
769
Critical
3260
High
3665
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-4362 | MEDIUM | 6.5 | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `Live_Action::reset()` function in … | May 05, 2026 |
| CVE-2026-7810 | HIGH | 7.3 | A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. … | May 05, 2026 |
| CVE-2026-5957 | MEDIUM | 6.5 | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed … | May 05, 2026 |
| CVE-2026-5294 | CRITICAL | 9.8 | The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX … | May 05, 2026 |
| CVE-2026-5159 | MEDIUM | 6.4 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up … | May 05, 2026 |
| CVE-2026-4803 | HIGH | 7.2 | The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_meta AJAX action in all versions … | May 05, 2026 |
| CVE-2026-4665 | MEDIUM | 6.4 | The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox `data-caption` attributes in all versions up to, and including, … | May 05, 2026 |
| CVE-2026-3456 | HIGH | 7.5 | The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributekey' parameter in … | May 05, 2026 |
| CVE-2026-35228 | HIGH | 8.7 | Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. … | May 05, 2026 |
| CVE-2026-2948 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, … | May 05, 2026 |
| CVE-2026-6704 | MEDIUM | 6.1 | The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This … | May 05, 2026 |
| CVE-2026-6702 | MEDIUM | 6.1 | The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to … | May 05, 2026 |
| CVE-2026-6701 | MEDIUM | 4.3 | The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or … | May 05, 2026 |
| CVE-2026-6700 | MEDIUM | 4.3 | The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing … | May 05, 2026 |
| CVE-2026-6696 | MEDIUM | 6.1 | The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'first_name', 'last_name', and 'phone' parameters on the plugin's sign-up admin … | May 05, 2026 |
| CVE-2026-6255 | MEDIUM | 6.4 | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'num' attribute of the 'owls_wrapper' shortcode in all versions up … | May 05, 2026 |
| CVE-2026-5505 | MEDIUM | 6.4 | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This … | May 05, 2026 |
| CVE-2026-5247 | MEDIUM | 5.5 | The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the [futureaction] shortcode in … | May 05, 2026 |
| CVE-2026-5100 | HIGH | 7.5 | The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4.4.5 due … | May 05, 2026 |
| CVE-2026-4730 | MEDIUM | 6.4 | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | May 05, 2026 |
| CVE-2026-4409 | MEDIUM | 6.5 | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a … | May 05, 2026 |
| CVE-2026-2868 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'separatorIconSVG' parameter in versions … | May 05, 2026 |
| CVE-2026-1921 | MEDIUM | 4.9 | The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This … | May 05, 2026 |
| CVE-2025-13618 | CRITICAL | 9.8 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not … | May 05, 2026 |
| CVE-2026-5722 | CRITICAL | 9.8 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is due to the guest … | May 05, 2026 |