Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22374
Total
1599
Critical
6838
High
7169
Medium
CVE ID Severity Score Description Published
CVE-2026-6801 MEDIUM 5.3 The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes … Jul 11, 2026
CVE-2026-4661 HIGH 7.5 The WP CTA – Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'fildname' parameter … Jul 11, 2026
CVE-2026-1382 MEDIUM 6.4 The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due … Jul 11, 2026
CVE-2026-15155 HIGH 8.8 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in … Jul 11, 2026
CVE-2026-15010 MEDIUM 6.4 The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional … Jul 11, 2026
CVE-2026-12994 MEDIUM 5.3 The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is … Jul 11, 2026
CVE-2026-12738 MEDIUM 4.3 The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, … Jul 11, 2026
CVE-2026-12126 MEDIUM 6.4 The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'post_title' in all versions up to, … Jul 11, 2026
CVE-2026-12103 MEDIUM 4.3 The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the … Jul 11, 2026
CVE-2026-11901 MEDIUM 5.3 The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is … Jul 11, 2026
CVE-2026-11898 MEDIUM 4.4 The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due … Jul 11, 2026
CVE-2026-11591 MEDIUM 4.4 The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 … Jul 11, 2026
CVE-2026-10865 MEDIUM 5.3 The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the (template body). … Jul 11, 2026
CVE-2026-10041 MEDIUM 4.3 The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 … Jul 11, 2026
CVE-2025-6784 HIGH 8.8 The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This … Jul 11, 2026
CVE-2025-5017 MEDIUM 4.9 The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, … Jul 11, 2026
CVE-2026-7655 HIGH 8.1 The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the … Jul 11, 2026
CVE-2026-13378 HIGH 7.2 The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all … Jul 11, 2026
CVE-2026-9738 MEDIUM 4.4 The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and … Jul 11, 2026
CVE-2026-7620 MEDIUM 4.3 The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the … Jul 11, 2026
CVE-2026-7559 MEDIUM 4.3 The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, … Jul 11, 2026
CVE-2026-6804 MEDIUM 5.3 The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This … Jul 11, 2026
CVE-2026-6803 MEDIUM 5.3 The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This … Jul 11, 2026
CVE-2026-3576 HIGH 7.2 The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and … Jul 11, 2026
CVE-2026-3552 MEDIUM 4.3 The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajax_import_410() function … Jul 11, 2026