CVE Database

109208+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-40812
7.5 HIGH

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in …

May 27, 2026
CVE-2026-40811
7.5 HIGH

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT …

May 27, 2026
CVE-2026-40810
7.5 HIGH

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL …

May 27, 2026
CVE-2026-3897
6.4 MEDIUM

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `labb_admin_ajax` AJAX action in all versions up to, …

May 27, 2026
CVE-2026-3896
6.4 MEDIUM

The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lsow_admin_ajax` AJAX action in all versions up to, and including, …

May 27, 2026
CVE-2026-3895
6.4 MEDIUM

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `lvca_admin_ajax` AJAX action in all versions up …

May 27, 2026
CVE-2026-3375
7.2 HIGH

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and /wp-json/litespeed/v1/notify_ucss REST API endpoints in all versions up to, …

May 27, 2026
CVE-2026-3279
6.5 MEDIUM

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `downgrade_jquery_version()` function …

May 27, 2026
CVE-2026-3001
6.1 MEDIUM

The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.4.6 due to …

May 27, 2026
CVE-2026-2030
6.4 MEDIUM

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[lvca_carousel]` and `[lvca_posts_carousel]` shortcode attributes in all …

May 27, 2026
CVE-2025-41670
7.8 HIGH

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located …

May 27, 2026
CVE-2025-41669
8.8 HIGH

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any …

May 27, 2026
CVE-2026-9200
7.5 HIGH

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This …

May 27, 2026
CVE-2026-9014
5.3 MEDIUM

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_stats() function in versions …

May 27, 2026
CVE-2026-8994
8.1 HIGH

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered …

May 27, 2026
CVE-2026-8943
4.3 MEDIUM

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to …

May 27, 2026
CVE-2026-8941
4.3 MEDIUM

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing …

May 27, 2026
CVE-2026-8939
4.3 MEDIUM

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing …

May 27, 2026
CVE-2026-8938
4.3 MEDIUM

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to …

May 27, 2026
CVE-2026-8911
6.1 MEDIUM

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing …

May 27, 2026
CVE-2026-8903
4.3 MEDIUM

The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is …

May 27, 2026
CVE-2026-8899
6.4 MEDIUM

The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbnails' shortcode in all versions up to, and including, 1.0. This …

May 27, 2026
CVE-2026-8898
6.4 MEDIUM

The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-events' shortcode in versions up to, and including, 3.0. This …

May 27, 2026
CVE-2026-8897
6.4 MEDIUM

The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 0.1.9.5 due to …

May 27, 2026
CVE-2026-8894
6.4 MEDIUM

The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `iwrtooltip` shortcode in versions up to, and including, 1.0. This …

May 27, 2026
CVE-2026-8891
6.4 MEDIUM

The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitform' shortcode in versions up to, and including, 1.1.0. This is …

May 27, 2026
CVE-2026-8887
6.4 MEDIUM

The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'listen' shortcode in versions up to, and including, 1.0. This is …

May 27, 2026
CVE-2026-8886
6.4 MEDIUM

The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title-plane' shortcode in versions up to, and including, 1.0. This is due …

May 27, 2026
CVE-2026-8884
6.4 MEDIUM

The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.3.4 due …

May 27, 2026
CVE-2026-8877
6.4 MEDIUM

The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rem_video' shortcode in versions up to, and including, 0.1. This …

May 27, 2026
CVE-2026-8875
6.4 MEDIUM

The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'code' (and 'c') shortcode in versions up to, …

May 27, 2026
CVE-2026-8873
6.4 MEDIUM

The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to …

May 27, 2026
CVE-2026-8872
6.4 MEDIUM

The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. …

May 27, 2026
CVE-2026-8871
6.4 MEDIUM

The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kinetic_link' shortcode in versions up to, and including, 1.1.01. This is …

May 27, 2026
CVE-2026-8870
6.4 MEDIUM

The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up …

May 27, 2026
CVE-2026-8869
6.4 MEDIUM

The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute in versions up to, and including, 1.2.1. …

May 27, 2026
CVE-2026-8868
6.4 MEDIUM

The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'single-mailchimp' shortcode in all versions up to, and including, 1.4. This …

May 27, 2026
CVE-2026-8867
6.4 MEDIUM

The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'postcategorygallery' shortcode in versions up to, and including, 1.0.0. …

May 27, 2026
CVE-2026-8866
6.4 MEDIUM

The jQuery googleslides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'googleslides' shortcode in all versions up to, and including, 1.3. This …

May 27, 2026
CVE-2026-8847
6.4 MEDIUM

The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo' shortcode in version 1.0. This is due to insufficient input …

May 27, 2026
CVE-2026-8846
6.4 MEDIUM

The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' shortcode in versions up to, and including, 1.3. This is due …

May 27, 2026
CVE-2026-8845
6.4 MEDIUM

The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'islamicDB-roqya' shortcode in versions up to, and including, 1.0. This is …

May 27, 2026
CVE-2026-8844
6.4 MEDIUM

The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspcheck' shortcode in versions up to, and including, 0.0.3. This is …

May 27, 2026
CVE-2026-8842
6.4 MEDIUM

The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gplusnamelink' shortcode in versions up to, and including, 1.0. This …

May 27, 2026
CVE-2026-8837
6.4 MEDIUM

The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'adid' Shortcode Attribute in all versions up …

May 27, 2026
CVE-2026-8787
8.8 HIGH

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due …

May 27, 2026
CVE-2026-8760
9.8 CRITICAL

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an …

May 27, 2026
CVE-2026-8708
4.3 MEDIUM

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing …

May 27, 2026
CVE-2026-8707
6.1 MEDIUM

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to, and including, 1.2.4 due …

May 27, 2026
CVE-2026-8703
6.4 MEDIUM

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to …

May 27, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.