CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-5833 A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Ide... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5664 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-30078. Reason: This candidate is a reservation duplicate of CVE-2026-30078. Notes: All CVE users should reference C... | N/A | NONE | β | 0 |
| CVE-2026-5834 A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name result... | 2.4 | LOW | β | 0 |
| CVE-2026-5835 A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argument... | 2.4 | LOW | β | 0 |
| CVE-2026-5836 A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_product.php. The manipulation of the argument produ... | 2.4 | LOW | β | 0 |
| CVE-2026-5837 A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The atta... | 7.3 | HIGH | β | 0 |
| CVE-2026-21372 Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. | 7.8 | HIGH | β | 0 |
| CVE-2026-1830 The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints tha... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4336 The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5742 The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and imp... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5838 A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername cau... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5839 A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescript... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-33727 Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privileg... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5840 A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5842 A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5847 A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipula... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-11754 The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and inclu... | 7.5 | HIGH | β | 0 |
| CVE-2025-12027 The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor"... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25337 Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-12081 The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up t... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12116 The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. Th... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12117 The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. T... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12172 The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12375 The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. T... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12884 The Advanced Ads β Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a use... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12448 The Smartsupp β live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 due... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12500 The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-12707 The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3.2.1 due to insufficient escaping on the user supplied ... | 7.5 | HIGH | β | 0 |
| CVE-2025-12821 The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_act... | 8.8 | HIGH | β | 0 |
| CVE-2025-12845 The Tablesome Table β Contact Form DB β WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing ... | 8.8 | HIGH | β | 0 |
| CVE-2025-12975 The CTX Feed β WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woo_feed_plugin_installing() f... | 7.2 | HIGH | β | 0 |
| CVE-2025-13048 The StatCounter β Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13079 The Popup Builder β Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to t... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13091 The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire_admin_install_plugin() function in all versions up to, and including... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13113 The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the `accessibe_render_js_in_footer()`... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13413 The Country Blocker for AdSense plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the CBFA_guardar_... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13438 The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13563 The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restri... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13587 The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS88_2FAVE::wp_login()... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13603 The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce v... | 8.8 | HIGH | β | 0 |
| CVE-2025-13612 The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `aigpl-gallery-album` shortcode in all versions up to, and including, 2.1.7... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13617 The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βa13_alt_linkβ parameter in all versions up to, and including, 1.9.8 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13732 The s2Member β Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 's2... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13738 The Easy Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ez-toc` shortcode in all versions up to, and including, 2.0.78 due to insufficient input ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13842 The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13851 The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugi... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-13864 The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint `/wp-json/breez... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13930 The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-14076 The iXML β Google XML sitemap generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'iXML_email' parameter in all versions up to, and including, 0.6 due to insufficien... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-14167 The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||... | 4.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.