🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-2988 | Medium | 6.4 |
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podca…
|
— | Apr 8, 2026 |
| CVE-2026-4025 | Medium | 6.4 |
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attr…
|
— | Apr 8, 2026 |
| CVE-2026-4379 | Medium | 6.4 |
The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in t…
|
— | Apr 8, 2026 |
| CVE-2026-3311 | Medium | 6.4 |
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for Wor…
|
— | Apr 8, 2026 |
| CVE-2026-4785 | Medium | 6.4 |
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-S…
|
— | Apr 8, 2026 |
| CVE-2026-4300 | Medium | 6.4 |
The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in al…
|
— | Apr 8, 2026 |
| CVE-2026-5451 | Medium | 6.4 |
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-trac…
|
— | Apr 8, 2026 |
| CVE-2026-2509 | Medium | 6.4 |
The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Cu…
|
— | Apr 8, 2026 |
| CVE-2026-4341 | Medium | 6.4 |
The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'follo…
|
— | Apr 8, 2026 |
| CVE-2026-2481 | Medium | 6.4 |
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site …
|
— | Apr 8, 2026 |
| CVE-2026-3618 | Medium | 6.4 |
The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attr…
|
— | Apr 8, 2026 |
| CVE-2026-3600 | Medium | 6.4 |
The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion' …
|
— | Apr 8, 2026 |
| CVE-2026-4303 | Medium | 6.4 |
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the …
|
— | Apr 8, 2026 |
| CVE-2026-5711 | Medium | 6.4 |
The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block at…
|
— | Apr 8, 2026 |
| CVE-2026-4871 | Medium | 6.4 |
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after…
|
— | Apr 8, 2026 |
| CVE-2025-58713 | Medium | 6.4 |
A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems f…
|
— | Apr 8, 2026 |
| CVE-2025-57854 | Medium | 6.4 |
A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from…
|
— | Apr 8, 2026 |
| CVE-2025-57853 | Medium | 6.4 |
A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd fi…
|
— | Apr 8, 2026 |
| CVE-2025-57851 | Medium | 6.4 |
A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems f…
|
— | Apr 8, 2026 |
| CVE-2025-57847 | Medium | 6.4 |
A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from th…
|
— | Apr 8, 2026 |