🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-6491 | Medium | 5.3 |
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec o…
|
— | Apr 17, 2026 |
| CVE-2026-5427 | Medium | 5.3 |
The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due…
|
— | Apr 17, 2026 |
| CVE-2026-5502 | Medium | 5.3 |
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content m…
|
— | Apr 17, 2026 |
| CVE-2026-5797 | Medium | 5.3 |
The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and inc…
|
— | Apr 17, 2026 |
| CVE-2026-5234 | Medium | 5.3 |
The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includin…
|
— | Apr 17, 2026 |
| CVE-2026-6492 | Medium | 5.3 |
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea.…
|
— | Apr 17, 2026 |
| CVE-2026-3773 | Medium | 6.5 |
The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter …
|
— | Apr 16, 2026 |
| CVE-2026-40503 | Medium | 6.5 |
OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat a…
|
— | Apr 16, 2026 |
| CVE-2026-3885 | Medium | 6.4 |
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
|
— | Apr 16, 2026 |
| CVE-2025-13364 | Medium | 6.4 |
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnera…
|
— | Apr 16, 2026 |
| CVE-2026-3878 | Medium | 6.4 |
The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parame…
|
— | Apr 16, 2026 |
| CVE-2026-3875 | Medium | 6.4 |
The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shor…
|
— | Apr 16, 2026 |
| CVE-2026-1572 | Medium | 6.4 |
The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cro…
|
— | Apr 16, 2026 |
| CVE-2026-3299 | Medium | 6.4 |
The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode …
|
— | Apr 16, 2026 |
| CVE-2026-2840 | Medium | 6.4 |
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Sc…
|
— | Apr 16, 2026 |
| CVE-2026-5070 | Medium | 6.4 |
The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions …
|
— | Apr 16, 2026 |
| CVE-2026-4032 | Medium | 6.1 |
The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comm…
|
— | Apr 16, 2026 |
| CVE-2026-3355 | Medium | 6.1 |
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsea…
|
— | Apr 16, 2026 |
| CVE-2026-3369 | Medium | 5.4 |
The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting v…
|
— | Apr 16, 2026 |
| CVE-2026-0718 | Medium | 5.3 |
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthor…
|
— | Apr 16, 2026 |