Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6145 | MEDIUM | 5.3 | The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to … | May 14, 2026 |
| CVE-2026-6670 | MEDIUM | 6.5 | The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. … | May 14, 2026 |
| CVE-2026-6510 | CRITICAL | 9.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due … | May 14, 2026 |
| CVE-2026-6506 | HIGH | 8.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoo_gdpr_upddata() … | May 14, 2026 |
| CVE-2026-6271 | CRITICAL | 9.8 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. … | May 14, 2026 |
| CVE-2026-6252 | MEDIUM | 6.4 | The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-6225 | MEDIUM | 6.5 | The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' … | May 14, 2026 |
| CVE-2026-5395 | HIGH | 8.2 | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all … | May 14, 2026 |
| CVE-2026-5365 | MEDIUM | 4.3 | The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce … | May 14, 2026 |
| CVE-2026-5193 | MEDIUM | 6.5 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and … | May 14, 2026 |
| CVE-2026-3892 | HIGH | 8.1 | The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-3718 | HIGH | 7.2 | The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-3694 | MEDIUM | 6.4 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up … | May 14, 2026 |
| CVE-2026-8280 | MEDIUM | 6.5 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-8181 | CRITICAL | 9.8 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is … | May 14, 2026 |
| CVE-2026-8144 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7481 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7471 | LOW | 3.5 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-7377 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable … | May 14, 2026 |
| CVE-2026-6883 | LOW | 2.6 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-6417 | MEDIUM | 6.1 | The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, … | May 14, 2026 |
| CVE-2026-6335 | MEDIUM | 5.4 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user … | May 14, 2026 |
| CVE-2026-6073 | HIGH | 8.7 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have … | May 14, 2026 |
| CVE-2026-6063 | MEDIUM | 4.3 | GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain … | May 14, 2026 |
| CVE-2026-5396 | HIGH | 8.2 | The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due … | May 14, 2026 |