🛡️ مركز معلومات الثغرات
قاعدة بيانات الثغرات والتهديدات الأمنية المحدّثة
| المعرّف | الخطورة | CVSS | الوصف | الحالة | النشر |
|---|---|---|---|---|---|
| CVE-2026-4333 | متوسط | 6.4 |
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' a…
|
— | أبريل 8, 2026 |
| CVE-2026-4379 | متوسط | 6.4 |
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in t…
|
— | أبريل 8, 2026 |
| CVE-2026-3311 | متوسط | 6.4 |
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for Wor…
|
— | أبريل 8, 2026 |
| CVE-2026-4300 | متوسط | 6.4 |
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in al…
|
— | أبريل 8, 2026 |
| CVE-2026-4341 | متوسط | 6.4 |
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'follo…
|
— | أبريل 8, 2026 |
| CVE-2026-3142 | متوسط | 6.4 |
The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting …
|
— | أبريل 8, 2026 |
| CVE-2026-4655 | متوسط | 6.4 |
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Imag…
|
— | أبريل 8, 2026 |
| CVE-2026-4785 | متوسط | 6.4 |
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-S…
|
— | أبريل 8, 2026 |
| CVE-2026-5803 | متوسط | 6.3 |
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The aff…
|
— | أبريل 8, 2026 |
| CVE-2026-4394 | متوسط | 6.1 |
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Ty…
|
— | أبريل 8, 2026 |
| CVE-2025-1794 | متوسط | 5.4 |
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all vers…
|
— | أبريل 8, 2026 |
| CVE-2026-3781 | متوسط | 5.4 |
The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all version…
|
— | أبريل 8, 2026 |
| CVE-2026-5812 | متوسط | 5.4 |
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown pa…
|
— | أبريل 8, 2026 |
| CVE-2026-5811 | متوسط | 5.4 |
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function…
|
— | أبريل 8, 2026 |
| CVE-2026-0811 | متوسط | 5.4 |
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a…
|
— | أبريل 8, 2026 |
| CVE-2026-4401 | متوسط | 5.4 |
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bu…
|
— | أبريل 8, 2026 |
| CVE-2026-40028 | متوسط | 5.4 |
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allow…
|
— | أبريل 8, 2026 |
| CVE-2026-3477 | متوسط | 5.3 |
The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including …
|
— | أبريل 8, 2026 |
| CVE-2026-3646 | متوسط | 5.3 |
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authorization via the plugin…
|
— | أبريل 8, 2026 |
| CVE-2026-2263 | متوسط | 5.3 |
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modific…
|
— | أبريل 8, 2026 |