🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-3489 | High | 7.5 | The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection vi… | — | Apr 16, 2026 |
| CVE-2026-3599 | High | 7.5 | The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within… | — | Apr 16, 2026 |
| CVE-2026-6351 | High | 7.5 | MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers … | — | Apr 16, 2026 |
| CVE-2026-5050 | High | 7.5 | The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptog… | — | Apr 16, 2026 |
| CVE-2026-3876 | High | 7.2 | The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-short… | — | Apr 16, 2026 |
| CVE-2026-3773 | Medium | 6.5 | The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter … | — | Apr 16, 2026 |
| CVE-2026-40503 | Medium | 6.5 | OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat a… | — | Apr 16, 2026 |
| CVE-2026-3299 | Medium | 6.4 | The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode … | — | Apr 16, 2026 |
| CVE-2026-3875 | Medium | 6.4 | The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shor… | — | Apr 16, 2026 |
| CVE-2026-5070 | Medium | 6.4 | The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions … | — | Apr 16, 2026 |
| CVE-2026-3878 | Medium | 6.4 | The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parame… | — | Apr 16, 2026 |
| CVE-2026-1572 | Medium | 6.4 | The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cro… | — | Apr 16, 2026 |
| CVE-2025-13364 | Medium | 6.4 | The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnera… | — | Apr 16, 2026 |
| CVE-2026-2840 | Medium | 6.4 | The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Sc… | — | Apr 16, 2026 |
| CVE-2026-3885 | Medium | 6.4 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the… | — | Apr 16, 2026 |
| CVE-2026-4032 | Medium | 6.1 | The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comm… | — | Apr 16, 2026 |
| CVE-2026-3355 | Medium | 6.1 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsea… | — | Apr 16, 2026 |
| CVE-2026-3369 | Medium | 5.4 | The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting v… | — | Apr 16, 2026 |
| CVE-2026-3595 | Medium | 5.3 | The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and inclu… | — | Apr 16, 2026 |
| CVE-2026-3581 | Medium | 5.3 | The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and inclu… | — | Apr 16, 2026 |