Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11537
Total
770
Critical
3263
High
3665
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-2052 | HIGH | 8.8 | The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions … | May 02, 2026 |
| CVE-2026-7605 | MEDIUM | 6.3 | A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component uploadImgByHttpEndpoint. … | May 02, 2026 |
| CVE-2026-43058 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix pass-by-value structs causing MSAN warnings vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into() take their argument structs … | May 02, 2026 |
| CVE-2026-7647 | HIGH | 8.1 | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to … | May 02, 2026 |
| CVE-2026-7049 | HIGH | 7.2 | The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-6916 | MEDIUM | 6.4 | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | May 02, 2026 |
| CVE-2026-6812 | MEDIUM | 4.4 | The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the ona_activate_child_theme. This makes it … | May 02, 2026 |
| CVE-2026-6447 | MEDIUM | 4.4 | The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, … | May 02, 2026 |
| CVE-2026-5113 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This … | May 02, 2026 |
| CVE-2026-5112 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient … | May 02, 2026 |
| CVE-2026-5111 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input … | May 02, 2026 |
| CVE-2026-5110 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient … | May 02, 2026 |
| CVE-2026-5109 | HIGH | 7.2 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation … | May 02, 2026 |
| CVE-2026-7641 | HIGH | 8.8 | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the … | May 02, 2026 |
| CVE-2026-7604 | MEDIUM | 6.3 | A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation … | May 02, 2026 |
| CVE-2026-7603 | MEDIUM | 6.3 | A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile … | May 02, 2026 |
| CVE-2026-7458 | CRITICAL | 9.8 | The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to … | May 02, 2026 |
| CVE-2026-6963 | HIGH | 8.8 | The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all … | May 02, 2026 |
| CVE-2026-6446 | MEDIUM | 5.4 | The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.0.4 … | May 02, 2026 |
| CVE-2026-4882 | CRITICAL | 9.8 | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'URAF_AJAX::method_upload' function in … | May 02, 2026 |
| CVE-2026-4658 | MEDIUM | 6.4 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and … | May 02, 2026 |
| CVE-2025-14726 | MEDIUM | 6.5 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability … | May 02, 2026 |
| CVE-2026-7638 | MEDIUM | 5.3 | The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all … | May 02, 2026 |
| CVE-2026-7602 | MEDIUM | 6.3 | A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil … | May 02, 2026 |
| CVE-2026-7209 | MEDIUM | 6.4 | The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `qcopd-directory` shortcode in all versions up to, and including, … | May 02, 2026 |