Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22796
Total
1628
Critical
7094
High
7273
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-15097 | MEDIUM | 6.4 | The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'height_slider' Slider Module Field in all versions up to, and including, 7.7.6 … | Jul 11, 2026 |
| CVE-2026-15096 | MEDIUM | 6.4 | The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'b_width_map' Field in all versions up to, and including, 7.7.6 … | Jul 11, 2026 |
| CVE-2026-14262 | HIGH | 8.8 | The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in … | Jul 11, 2026 |
| CVE-2026-13250 | MEDIUM | 5.3 | The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.5.3. This is due to the plugin … | Jul 11, 2026 |
| CVE-2026-13116 | MEDIUM | 4.3 | The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, … | Jul 11, 2026 |
| CVE-2026-12141 | MEDIUM | 4.9 | The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_tooltip_text' parameter in … | Jul 11, 2026 |
| CVE-2025-13968 | MEDIUM | 6.4 | The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the [starboard-suite-lightbox] shortcode in all versions up … | Jul 11, 2026 |
| CVE-2026-8678 | MEDIUM | 4.3 | The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.25.1. This is due to the plugin not … | Jul 11, 2026 |
| CVE-2026-7544 | MEDIUM | 4.3 | The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideo_enqueue_settings_script. This … | Jul 11, 2026 |
| CVE-2026-5743 | MEDIUM | 6.4 | The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, … | Jul 11, 2026 |
| CVE-2026-3367 | MEDIUM | 4.4 | The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and … | Jul 11, 2026 |
| CVE-2026-15338 | HIGH | 7.5 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.1 via the … | Jul 11, 2026 |
| CVE-2026-15073 | MEDIUM | 6.5 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions … | Jul 11, 2026 |
| CVE-2026-15072 | MEDIUM | 6.5 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions … | Jul 11, 2026 |
| CVE-2026-13353 | HIGH | 8.8 | The WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel plugin for WordPress is vulnerable to Remote Code Execution in … | Jul 11, 2026 |
| CVE-2026-13262 | MEDIUM | 6.5 | The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'val' parameter … | Jul 11, 2026 |
| CVE-2026-13114 | HIGH | 7.2 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info … | Jul 11, 2026 |
| CVE-2026-12426 | MEDIUM | 5.3 | The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, … | Jul 11, 2026 |
| CVE-2026-10628 | MEDIUM | 4.3 | The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due … | Jul 11, 2026 |
| CVE-2026-13756 | HIGH | 8.8 | The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing … | Jul 11, 2026 |
| CVE-2026-11426 | MEDIUM | 6.5 | The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the … | Jul 11, 2026 |
| CVE-2026-55175 | HIGH | 7.5 | Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations … | Jul 10, 2026 |
| CVE-2026-44383 | HIGH | 7.5 | Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP … | Jul 10, 2026 |
| CVE-2026-42952 | HIGH | 7.5 | Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack. | Jul 10, 2026 |
| CVE-2026-20744 | CRITICAL | 9.8 | The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation. | Jul 10, 2026 |