🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-2375 | Medium | 6.5 |
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalat…
|
— | Mar 21, 2026 |
| CVE-2026-0609 | Medium | 6.4 |
The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored …
|
— | Mar 21, 2026 |
| CVE-2026-1806 | Medium | 6.4 |
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th…
|
— | Mar 21, 2026 |
| CVE-2026-1914 | Medium | 6.4 |
The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusedesk_newcase shortco…
|
— | Mar 21, 2026 |
| CVE-2026-1911 | Medium | 6.4 |
The Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tweet_title' parameter in t…
|
— | Mar 21, 2026 |
| CVE-2026-1908 | Medium | 6.4 |
The Integration with Hubspot Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hubspotfor…
|
— | Mar 21, 2026 |
| CVE-2026-1899 | Medium | 6.4 |
The Any Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aps_slider shortc…
|
— | Mar 21, 2026 |
| CVE-2026-1575 | Medium | 6.4 |
The Schema Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `itemscope` shor…
|
— | Mar 21, 2026 |
| CVE-2026-1891 | Medium | 6.4 |
The Simple Football Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ytmr_fb_scoreb…
|
— | Mar 21, 2026 |
| CVE-2026-1889 | Medium | 6.4 |
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' sh…
|
— | Mar 21, 2026 |
| CVE-2026-1886 | Medium | 6.4 |
The Go Night Pro | WordPress Dark Mode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'…
|
— | Mar 21, 2026 |
| CVE-2026-1093 | Medium | 6.4 |
The WPFAQBlock– FAQ & Accordion Plugin For Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting v…
|
— | Mar 21, 2026 |
| CVE-2026-1854 | Medium | 6.4 |
The Post Flagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flag' shortcode in …
|
— | Mar 21, 2026 |
| CVE-2026-1851 | Medium | 6.4 |
The iVysilani Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' shortcode attr…
|
— | Mar 21, 2026 |
| CVE-2026-1397 | Medium | 6.4 |
The PQ Addons – Creative Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget …
|
— | Mar 21, 2026 |
| CVE-2026-1275 | Medium | 6.4 |
The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' s…
|
— | Mar 21, 2026 |
| CVE-2026-1822 | Medium | 6.4 |
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortc…
|
— | Mar 21, 2026 |
| CVE-2026-2501 | Medium | 6.4 |
The Ed's Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `social_share` …
|
— | Mar 21, 2026 |
| CVE-2026-2352 | Medium | 6.4 |
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value i…
|
— | Mar 21, 2026 |
| CVE-2026-2430 | Medium | 6.4 |
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing …
|
— | Mar 21, 2026 |