🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-0811 | Medium | 5.4 |
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a…
|
— | Apr 8, 2026 |
| CVE-2025-1794 | Medium | 5.4 |
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all vers…
|
— | Apr 8, 2026 |
| CVE-2026-4654 | Medium | 5.3 |
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object R…
|
— | Apr 8, 2026 |
| CVE-2025-14243 | Medium | 5.3 |
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enum…
|
— | Apr 8, 2026 |
| CVE-2026-3477 | Medium | 5.3 |
The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including …
|
— | Apr 8, 2026 |
| CVE-2026-2263 | Medium | 5.3 |
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modific…
|
— | Apr 8, 2026 |
| CVE-2026-3646 | Medium | 5.3 |
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authorization via the plugin…
|
— | Apr 8, 2026 |
| CVE-2026-5167 | Medium | 5.3 |
The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authoriza…
|
— | Apr 8, 2026 |
| CVE-2026-3594 | Medium | 5.3 |
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,…
|
— | Apr 8, 2026 |
| CVE-2026-4299 | Medium | 5.3 |
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including…
|
— | Apr 8, 2026 |
| CVE-2026-32591 | Medium | 5.2 |
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an u…
|
— | Apr 8, 2026 |
| CVE-2026-5719 | Medium | 6.3 |
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /…
|
— | Apr 7, 2026 |
| CVE-2025-13044 | Medium | 6.2 |
IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite ar…
|
— | Apr 7, 2026 |
| CVE-2026-5745 | Medium | 5.5 |
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically w…
|
— | Apr 7, 2026 |
| CVE-2026-4065 | Medium | 5.4 |
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing cap…
|
— | Apr 7, 2026 |
| CVE-2026-39346 | Medium | 5.4 |
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed auth…
|
— | Apr 7, 2026 |
| CVE-2026-3177 | Medium | 5.3 |
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vul…
|
— | Apr 7, 2026 |
| CVE-2026-22680 | Medium | 5.3 |
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allo…
|
— | Apr 7, 2026 |
| CVE-2025-14944 | Medium | 5.3 |
The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2…
|
— | Apr 7, 2026 |
| CVE-2025-47374 | Medium | 6.5 |
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling.
|
— | Apr 6, 2026 |