Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22796
Total
1628
Critical
7094
High
7273
Medium
CVE ID Severity Score Description Published
CVE-2026-15155 HIGH 8.8 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Authenticated Account Takeover via Email Header Injection in … Jul 11, 2026
CVE-2026-15010 MEDIUM 6.4 The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional … Jul 11, 2026
CVE-2026-12994 MEDIUM 5.3 The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.7.27. This is … Jul 11, 2026
CVE-2026-12738 MEDIUM 4.3 The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, … Jul 11, 2026
CVE-2026-12126 MEDIUM 6.4 The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'post_title' in all versions up to, … Jul 11, 2026
CVE-2026-12103 MEDIUM 4.3 The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the … Jul 11, 2026
CVE-2026-11901 MEDIUM 5.3 The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 2.3.1. This is … Jul 11, 2026
CVE-2026-11898 MEDIUM 4.4 The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.12 due … Jul 11, 2026
CVE-2026-11591 MEDIUM 4.4 The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 … Jul 11, 2026
CVE-2026-10865 MEDIUM 5.3 The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the (template body). … Jul 11, 2026
CVE-2026-10041 MEDIUM 4.3 The WCFM – Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.27 … Jul 11, 2026
CVE-2025-6784 HIGH 8.8 The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This … Jul 11, 2026
CVE-2025-5017 MEDIUM 4.9 The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uid’ parameter in all versions up to, … Jul 11, 2026
CVE-2026-7655 HIGH 8.1 The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in versions up to, and including, 4.2.3. This is due to the … Jul 11, 2026
CVE-2026-13378 HIGH 7.2 The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all … Jul 11, 2026
CVE-2026-9738 MEDIUM 4.4 The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content_position_css' parameter in all versions up to, and … Jul 11, 2026
CVE-2026-7620 MEDIUM 4.3 The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the … Jul 11, 2026
CVE-2026-7559 MEDIUM 4.3 The Affilia – Affiliate Program & Referral Tracking for WordPress plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, … Jul 11, 2026
CVE-2026-6804 MEDIUM 5.3 The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.12. This … Jul 11, 2026
CVE-2026-6803 MEDIUM 5.3 The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This … Jul 11, 2026
CVE-2026-3576 HIGH 7.2 The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request Forgery leading to Local File Inclusion in all versions up to, and … Jul 11, 2026
CVE-2026-3552 MEDIUM 4.3 The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajax_import_410() function … Jul 11, 2026
CVE-2026-2354 HIGH 8.8 The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the `upload_extension_files()` … Jul 11, 2026
CVE-2026-1832 MEDIUM 4.3 The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability … Jul 11, 2026
CVE-2026-15335 HIGH 7.5 The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email' Form Parameter (form<N>) in all versions up to, and including, 1.7.20 … Jul 11, 2026