Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22971
Total
1632
Critical
7220
High
7324
Medium
CVE ID Severity Score Description Published
CVE-2026-14342 MEDIUM 4.9 The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact_ids' parameter … Jul 09, 2026
CVE-2026-14245 CRITICAL 9.8 The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up … Jul 09, 2026
CVE-2026-13771 MEDIUM 6.4 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, … Jul 09, 2026
CVE-2026-13450 MEDIUM 5.3 The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in … Jul 09, 2026
CVE-2026-13334 MEDIUM 6.1 The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'stag' parameter in all versions up to, and including, 2.3.4 … Jul 09, 2026
CVE-2026-13253 MEDIUM 6.4 The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to … Jul 09, 2026
CVE-2026-13080 MEDIUM 6.6 The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions … Jul 09, 2026
CVE-2026-13011 MEDIUM 6.5 The ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support plugin for WordPress is vulnerable to generic SQL Injection via the … Jul 09, 2026
CVE-2026-12418 MEDIUM 5.3 The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in … Jul 09, 2026
CVE-2026-12406 MEDIUM 5.3 The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions … Jul 09, 2026
CVE-2026-12170 MEDIUM 6.4 The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' … Jul 09, 2026
CVE-2026-11359 MEDIUM 4.3 The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up … Jul 09, 2026
CVE-2026-47840 HIGH 7.5 A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP … Jul 09, 2026
CVE-2026-47831 HIGH 7.5 Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via … Jul 09, 2026
CVE-2026-47830 HIGH 8.8 Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\service_wrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service … Jul 09, 2026
CVE-2026-47829 HIGH 8.3 Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh … Jul 09, 2026
CVE-2026-47828 HIGH 7.1 During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without … Jul 09, 2026
CVE-2026-47826 HIGH 8.8 The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH … Jul 09, 2026
CVE-2026-12517 MEDIUM 5.3 The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, … Jul 09, 2026
CVE-2026-12516 MEDIUM 5.3 The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated media-proxying endpoint, allowing anonymous users … Jul 09, 2026
CVE-2026-12270 MEDIUM 6.5 The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check … Jul 09, 2026
CVE-2026-11875 MEDIUM 5.3 The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it … Jul 09, 2026
CVE-2026-11869 MEDIUM 5.3 The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request … Jul 09, 2026
CVE-2026-11571 HIGH 7.5 The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files generated during email-notification processing and leaves them publicly accessible in the … Jul 09, 2026
CVE-2026-5523 HIGH 8.8 The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the update_user() … Jul 09, 2026