Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22374
Total
1599
Critical
6838
High
7169
Medium
CVE ID Severity Score Description Published
CVE-2026-2354 HIGH 8.8 The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` … Jul 11, 2026
CVE-2026-1832 MEDIUM 4.3 The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability … Jul 11, 2026
CVE-2026-15335 HIGH 7.5 The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all versions up to, and including, 1.7.20 … Jul 11, 2026
CVE-2026-15097 MEDIUM 6.4 The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'height_slider' Slider Module Field in all versions up to, and including, 7.7.6 … Jul 11, 2026
CVE-2026-15096 MEDIUM 6.4 The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b_width_map' Field in all versions up to, and including, 7.7.6 … Jul 11, 2026
CVE-2026-14262 HIGH 8.8 The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in … Jul 11, 2026
CVE-2026-13250 MEDIUM 5.3 The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin … Jul 11, 2026
CVE-2026-13116 MEDIUM 4.3 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, … Jul 11, 2026
CVE-2026-12141 MEDIUM 4.9 The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_tooltip_text' parameter in … Jul 11, 2026
CVE-2025-13968 MEDIUM 6.4 The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up … Jul 11, 2026
CVE-2026-8678 MEDIUM 4.3 The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not … Jul 11, 2026
CVE-2026-7544 MEDIUM 4.3 The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This … Jul 11, 2026
CVE-2026-5743 MEDIUM 6.4 The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, … Jul 11, 2026
CVE-2026-3367 MEDIUM 4.4 The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and … Jul 11, 2026
CVE-2026-15338 HIGH 7.5 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the … Jul 11, 2026
CVE-2026-15073 MEDIUM 6.5 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions … Jul 11, 2026
CVE-2026-15072 MEDIUM 6.5 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions … Jul 11, 2026
CVE-2026-13353 HIGH 8.8 The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in … Jul 11, 2026
CVE-2026-13262 MEDIUM 6.5 The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter … Jul 11, 2026
CVE-2026-13114 HIGH 7.2 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info … Jul 11, 2026
CVE-2026-12426 MEDIUM 5.3 The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, … Jul 11, 2026
CVE-2026-10628 MEDIUM 4.3 The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due … Jul 11, 2026
CVE-2026-13756 HIGH 8.8 The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing … Jul 11, 2026
CVE-2026-11426 MEDIUM 6.5 The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the … Jul 11, 2026
CVE-2026-55175 HIGH 7.5 Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations … Jul 10, 2026