Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-6932 | MEDIUM | 4.3 | The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due … | May 12, 2026 |
| CVE-2026-6913 | MEDIUM | 6.4 | The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to … | May 12, 2026 |
| CVE-2026-6808 | MEDIUM | 6.1 | The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-6710 | MEDIUM | 4.3 | The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due … | May 12, 2026 |
| CVE-2026-6709 | MEDIUM | 4.3 | The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due … | May 12, 2026 |
| CVE-2026-6708 | MEDIUM | 5.3 | The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is … | May 12, 2026 |
| CVE-2026-6690 | HIGH | 7.2 | The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, … | May 12, 2026 |
| CVE-2026-6663 | MEDIUM | 4.8 | The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code execution in all versions up to, and including, 2.9. This is … | May 12, 2026 |
| CVE-2026-6402 | MEDIUM | 5.3 | webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. … | May 12, 2026 |
| CVE-2026-6256 | MEDIUM | 6.4 | The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the 'credits' shortcode in all versions up to, … | May 12, 2026 |
| CVE-2026-6247 | MEDIUM | 6.4 | The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' attribute of the 'scratchblocks' shortcode in all versions up … | May 12, 2026 |
| CVE-2026-6237 | MEDIUM | 6.4 | The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, … | May 12, 2026 |
| CVE-2026-5715 | MEDIUM | 6.4 | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, … | May 12, 2026 |
| CVE-2026-5693 | MEDIUM | 5.3 | The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and a nonce validation … | May 12, 2026 |
| CVE-2026-5340 | MEDIUM | 6.4 | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, … | May 12, 2026 |
| CVE-2026-5028 | MEDIUM | 6.5 | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the `pp-get-articles` AJAX action … | May 12, 2026 |
| CVE-2026-4920 | MEDIUM | 6.4 | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 … | May 12, 2026 |
| CVE-2026-4859 | MEDIUM | 6.4 | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'design' attribute of the `wpsbd_post_carousel` shortcode in all versions up … | May 12, 2026 |
| CVE-2026-4663 | MEDIUM | 5.3 | The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. This is due to the plugin … | May 12, 2026 |
| CVE-2026-4301 | MEDIUM | 4.3 | The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and … | May 12, 2026 |
| CVE-2026-3604 | MEDIUM | 4.9 | The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_kcseo_ative_tab` parameter in all versions up to, and … | May 12, 2026 |
| CVE-2026-39432 | HIGH | 8.2 | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53. | May 12, 2026 |
| CVE-2026-2993 | HIGH | 7.5 | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to … | May 12, 2026 |
| CVE-2026-2300 | MEDIUM | 6.4 | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. … | May 12, 2026 |
| CVE-2026-35227 | UNKNOWN | — | An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is … | May 12, 2026 |