🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-4379 | Medium | 6.4 |
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in t…
|
— | Apr 8, 2026 |
| CVE-2026-3239 | Medium | 6.4 |
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_v…
|
— | Apr 8, 2026 |
| CVE-2026-1396 | Medium | 6.4 |
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magi…
|
— | Apr 8, 2026 |
| CVE-2026-3600 | Medium | 6.4 |
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' …
|
— | Apr 8, 2026 |
| CVE-2026-3513 | Medium | 6.4 |
The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
|
— | Apr 8, 2026 |
| CVE-2026-2509 | Medium | 6.4 |
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Cu…
|
— | Apr 8, 2026 |
| CVE-2026-4655 | Medium | 6.4 |
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Imag…
|
— | Apr 8, 2026 |
| CVE-2026-5451 | Medium | 6.4 |
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-trac…
|
— | Apr 8, 2026 |
| CVE-2026-4303 | Medium | 6.4 |
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the …
|
— | Apr 8, 2026 |
| CVE-2026-3142 | Medium | 6.4 |
The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting …
|
— | Apr 8, 2026 |
| CVE-2026-3311 | Medium | 6.4 |
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for Wor…
|
— | Apr 8, 2026 |
| CVE-2026-2988 | Medium | 6.4 |
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podca…
|
— | Apr 8, 2026 |
| CVE-2026-2481 | Medium | 6.4 |
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site …
|
— | Apr 8, 2026 |
| CVE-2026-5803 | Medium | 6.3 |
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The aff…
|
— | Apr 8, 2026 |
| CVE-2026-4394 | Medium | 6.1 |
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Ty…
|
— | Apr 8, 2026 |
| CVE-2026-5812 | Medium | 5.4 |
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown pa…
|
— | Apr 8, 2026 |
| CVE-2026-5811 | Medium | 5.4 |
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function…
|
— | Apr 8, 2026 |
| CVE-2026-3781 | Medium | 5.4 |
The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all version…
|
— | Apr 8, 2026 |
| CVE-2025-1794 | Medium | 5.4 |
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all vers…
|
— | Apr 8, 2026 |
| CVE-2026-4401 | Medium | 5.4 |
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bu…
|
— | Apr 8, 2026 |