🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3571 | Medium | 6.5 |
The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized …
|
— | Apr 4, 2026 |
| CVE-2026-3309 | Medium | 6.5 |
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePres…
|
— | Apr 4, 2026 |
| CVE-2025-15064 | Medium | 6.4 |
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi…
|
— | Apr 4, 2026 |
| CVE-2026-2924 | Medium | 6.4 |
The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Sit…
|
— | Apr 4, 2026 |
| CVE-2025-13368 | Medium | 6.4 |
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the P…
|
— | Apr 4, 2026 |
| CVE-2026-0552 | Medium | 6.4 |
The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsc_displa…
|
— | Apr 4, 2026 |
| CVE-2018-25249 | Medium | 6.4 |
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to in…
|
— | Apr 4, 2026 |
| CVE-2026-0626 | Medium | 6.4 |
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulner…
|
— | Apr 4, 2026 |
| CVE-2026-0664 | Medium | 6.4 |
The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' p…
|
— | Apr 4, 2026 |
| CVE-2026-0738 | Medium | 6.4 |
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
|
— | Apr 4, 2026 |
| CVE-2026-2600 | Medium | 6.4 |
The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
|
— | Apr 4, 2026 |
| CVE-2026-0737 | Medium | 6.4 |
The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all …
|
— | Apr 4, 2026 |
| CVE-2026-2949 | Medium | 6.4 |
The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the I…
|
— | Apr 4, 2026 |
| CVE-2026-2437 | Medium | 6.4 |
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-S…
|
— | Apr 4, 2026 |
| CVE-2016-20050 | Medium | 6.2 |
NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to c…
|
— | Apr 4, 2026 |
| CVE-2018-25252 | Medium | 6.2 |
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by in…
|
— | Apr 4, 2026 |
| CVE-2018-25253 | Medium | 6.2 |
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local att…
|
— | Apr 4, 2026 |
| CVE-2018-25247 | Medium | 6.1 |
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts b…
|
— | Apr 4, 2026 |
| CVE-2016-20051 | Medium | 5.3 |
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credenti…
|
— | Apr 4, 2026 |
| CVE-2016-20053 | Medium | 5.3 |
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create admin…
|
— | Apr 4, 2026 |