Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
13428
Total
886
Critical
3903
High
4235
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-1233 | HIGH | 7.5 | The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and … | Apr 04, 2026 |
| CVE-2026-0626 | MEDIUM | 6.4 | The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting … | Apr 04, 2026 |
| CVE-2025-14938 | MEDIUM | 5.3 | The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo_core_handle_dropped_media" function. … | Apr 04, 2026 |
| CVE-2026-5425 | HIGH | 7.2 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, … | Apr 04, 2026 |
| CVE-2026-3445 | HIGH | 7.1 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership … | Apr 04, 2026 |
| CVE-2026-2826 | MEDIUM | 4.3 | The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, … | Apr 04, 2026 |
| CVE-2026-2437 | MEDIUM | 6.4 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_trip_tax' … | Apr 04, 2026 |
| CVE-2026-4896 | HIGH | 8.1 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all … | Apr 04, 2026 |
| CVE-2026-2600 | MEDIUM | 6.4 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekit_tab_title' parameter in the Simple Tab widget in … | Apr 04, 2026 |
| CVE-2026-0738 | MEDIUM | 6.4 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions up to, … | Apr 04, 2026 |
| CVE-2026-0737 | MEDIUM | 6.4 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This … | Apr 04, 2026 |
| CVE-2026-0664 | MEDIUM | 6.4 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter in all versions up to, and including, … | Apr 04, 2026 |
| CVE-2026-0552 | MEDIUM | 6.4 | The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsc_display_product' shortcode in all versions up to, and including, … | Apr 04, 2026 |
| CVE-2025-15064 | MEDIUM | 6.4 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via … | Apr 04, 2026 |
| CVE-2025-13368 | MEDIUM | 6.4 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Widget's 'onClick Event' setting in … | Apr 04, 2026 |
| CVE-2026-2949 | MEDIUM | 6.4 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Box widget in versions up … | Apr 04, 2026 |
| CVE-2026-2924 | MEDIUM | 6.4 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'imageLoad' parameter in versions … | Apr 04, 2026 |
| CVE-2026-3571 | MEDIUM | 6.5 | The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability … | Apr 04, 2026 |
| CVE-2026-35616 | CRITICAL | 9.8 | A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | Apr 04, 2026 |
| CVE-2026-34780 | HIGH | 8.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and … | Apr 04, 2026 |
| CVE-2026-34955 | HIGH | 8.8 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on … | Apr 04, 2026 |
| CVE-2026-34779 | MEDIUM | 6.5 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder() … | Apr 04, 2026 |
| CVE-2026-34778 | MEDIUM | 5.9 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker … | Apr 04, 2026 |
| CVE-2026-34777 | MEDIUM | 5.4 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe … | Apr 04, 2026 |
| CVE-2026-34776 | MEDIUM | 5.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and … | Apr 04, 2026 |