Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22374
Total
1599
Critical
6838
High
7169
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6801 | MEDIUM | 5.3 | The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes … | Jul 11, 2026 |
| CVE-2026-4661 | HIGH | 7.5 | The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter … | Jul 11, 2026 |
| CVE-2026-1382 | MEDIUM | 6.4 | The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due … | Jul 11, 2026 |
| CVE-2026-15155 | HIGH | 8.8 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in … | Jul 11, 2026 |
| CVE-2026-15010 | MEDIUM | 6.4 | The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional … | Jul 11, 2026 |
| CVE-2026-12994 | MEDIUM | 5.3 | The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is … | Jul 11, 2026 |
| CVE-2026-12738 | MEDIUM | 4.3 | The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, … | Jul 11, 2026 |
| CVE-2026-12126 | MEDIUM | 6.4 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'post_title' in all versions up to, … | Jul 11, 2026 |
| CVE-2026-12103 | MEDIUM | 4.3 | The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the … | Jul 11, 2026 |
| CVE-2026-11901 | MEDIUM | 5.3 | The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is … | Jul 11, 2026 |
| CVE-2026-11898 | MEDIUM | 4.4 | The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due … | Jul 11, 2026 |
| CVE-2026-11591 | MEDIUM | 4.4 | The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 … | Jul 11, 2026 |
| CVE-2026-10865 | MEDIUM | 5.3 | The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the (template body). … | Jul 11, 2026 |
| CVE-2026-10041 | MEDIUM | 4.3 | The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 … | Jul 11, 2026 |
| CVE-2025-6784 | HIGH | 8.8 | The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This … | Jul 11, 2026 |
| CVE-2025-5017 | MEDIUM | 4.9 | The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, … | Jul 11, 2026 |
| CVE-2026-7655 | HIGH | 8.1 | The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the … | Jul 11, 2026 |
| CVE-2026-13378 | HIGH | 7.2 | The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all … | Jul 11, 2026 |
| CVE-2026-9738 | MEDIUM | 4.4 | The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and … | Jul 11, 2026 |
| CVE-2026-7620 | MEDIUM | 4.3 | The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the … | Jul 11, 2026 |
| CVE-2026-7559 | MEDIUM | 4.3 | The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, … | Jul 11, 2026 |
| CVE-2026-6804 | MEDIUM | 5.3 | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This … | Jul 11, 2026 |
| CVE-2026-6803 | MEDIUM | 5.3 | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This … | Jul 11, 2026 |
| CVE-2026-3576 | HIGH | 7.2 | The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and … | Jul 11, 2026 |
| CVE-2026-3552 | MEDIUM | 4.3 | The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajax_import_410() function … | Jul 11, 2026 |