Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22374
Total
1599
Critical
6838
High
7169
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-2354 | HIGH | 8.8 | The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` … | Jul 11, 2026 |
| CVE-2026-1832 | MEDIUM | 4.3 | The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability … | Jul 11, 2026 |
| CVE-2026-15335 | HIGH | 7.5 | The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all versions up to, and including, 1.7.20 … | Jul 11, 2026 |
| CVE-2026-15097 | MEDIUM | 6.4 | The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'height_slider' Slider Module Field in all versions up to, and including, 7.7.6 … | Jul 11, 2026 |
| CVE-2026-15096 | MEDIUM | 6.4 | The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b_width_map' Field in all versions up to, and including, 7.7.6 … | Jul 11, 2026 |
| CVE-2026-14262 | HIGH | 8.8 | The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in … | Jul 11, 2026 |
| CVE-2026-13250 | MEDIUM | 5.3 | The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin … | Jul 11, 2026 |
| CVE-2026-13116 | MEDIUM | 4.3 | The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, … | Jul 11, 2026 |
| CVE-2026-12141 | MEDIUM | 4.9 | The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_tooltip_text' parameter in … | Jul 11, 2026 |
| CVE-2025-13968 | MEDIUM | 6.4 | The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up … | Jul 11, 2026 |
| CVE-2026-8678 | MEDIUM | 4.3 | The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not … | Jul 11, 2026 |
| CVE-2026-7544 | MEDIUM | 4.3 | The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This … | Jul 11, 2026 |
| CVE-2026-5743 | MEDIUM | 6.4 | The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, … | Jul 11, 2026 |
| CVE-2026-3367 | MEDIUM | 4.4 | The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and … | Jul 11, 2026 |
| CVE-2026-15338 | HIGH | 7.5 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the … | Jul 11, 2026 |
| CVE-2026-15073 | MEDIUM | 6.5 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions … | Jul 11, 2026 |
| CVE-2026-15072 | MEDIUM | 6.5 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions … | Jul 11, 2026 |
| CVE-2026-13353 | HIGH | 8.8 | The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in … | Jul 11, 2026 |
| CVE-2026-13262 | MEDIUM | 6.5 | The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter … | Jul 11, 2026 |
| CVE-2026-13114 | HIGH | 7.2 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info … | Jul 11, 2026 |
| CVE-2026-12426 | MEDIUM | 5.3 | The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, … | Jul 11, 2026 |
| CVE-2026-10628 | MEDIUM | 4.3 | The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due … | Jul 11, 2026 |
| CVE-2026-13756 | HIGH | 8.8 | The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing … | Jul 11, 2026 |
| CVE-2026-11426 | MEDIUM | 6.5 | The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the … | Jul 11, 2026 |
| CVE-2026-55175 | HIGH | 7.5 | Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations … | Jul 10, 2026 |