🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-4871 | Medium | 6.4 |
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after…
|
— | Apr 8, 2026 |
| CVE-2026-4303 | Medium | 6.4 |
The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the …
|
— | Apr 8, 2026 |
| CVE-2026-1396 | Medium | 6.4 |
The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magi…
|
— | Apr 8, 2026 |
| CVE-2026-5803 | Medium | 6.3 |
A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The aff…
|
— | Apr 8, 2026 |
| CVE-2026-4394 | Medium | 6.1 |
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Ty…
|
— | Apr 8, 2026 |
| CVE-2026-3781 | Medium | 5.4 |
The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all version…
|
— | Apr 8, 2026 |
| CVE-2025-1794 | Medium | 5.4 |
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all vers…
|
— | Apr 8, 2026 |
| CVE-2026-4401 | Medium | 5.4 |
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bu…
|
— | Apr 8, 2026 |
| CVE-2026-5812 | Medium | 5.4 |
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown pa…
|
— | Apr 8, 2026 |
| CVE-2026-5811 | Medium | 5.4 |
A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function…
|
— | Apr 8, 2026 |
| CVE-2026-40028 | Medium | 5.4 |
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allow…
|
— | Apr 8, 2026 |
| CVE-2026-0811 | Medium | 5.4 |
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a…
|
— | Apr 8, 2026 |
| CVE-2026-3477 | Medium | 5.3 |
The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including …
|
— | Apr 8, 2026 |
| CVE-2026-3646 | Medium | 5.3 |
The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authorization via the plugin…
|
— | Apr 8, 2026 |
| CVE-2026-5167 | Medium | 5.3 |
The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authoriza…
|
— | Apr 8, 2026 |
| CVE-2026-3594 | Medium | 5.3 |
The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,…
|
— | Apr 8, 2026 |
| CVE-2025-14243 | Medium | 5.3 |
A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enum…
|
— | Apr 8, 2026 |
| CVE-2026-2263 | Medium | 5.3 |
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modific…
|
— | Apr 8, 2026 |
| CVE-2026-4654 | Medium | 5.3 |
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object R…
|
— | Apr 8, 2026 |
| CVE-2026-4299 | Medium | 5.3 |
The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including…
|
— | Apr 8, 2026 |