CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0552 The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsc_display_product' shortcode in all versions up to, and including, 5.2.4 due to insuffic... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0664 The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' parameter in all versions up to, and including, 1.7.1049 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0737 The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.7. This is due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0738 The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the su_carousel shortcode in all versions up to, and including, 7.4.8. This is due ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2600 The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ekit_tab_title' parameter in the Simple Tab widget in all versions up to, and ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-4896 The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inclu... | 8.1 | HIGH | — | 0 |
| CVE-2026-2437 The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_trip_tax' shortcode in all versions up to, a... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-2826 The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not pro... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3445 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass i... | 7.1 | HIGH | — | 0 |
| CVE-2026-5425 The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions up to, and including, 1.7.9 due to insufficient i... | 7.2 | HIGH | — | 0 |
| CVE-2026-0626 The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all ve... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1233 The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.9.8. This is due to the plugin containing... | 7.5 | HIGH | — | 0 |
| CVE-2026-2936 The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8.4 due to insufficient ... | 7.2 | HIGH | — | 0 |
| CVE-2026-3309 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all ver... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3666 The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal s... | 8.8 | HIGH | — | 0 |
| CVE-2026-5530 A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of the component Model Pull API. Executing a manipulation can lead to server-side ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5531 A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5532 A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the com... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5533 A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packages/web-ui/src/tools/artifacts/SvgArtifact.ts of the component SVG Artifact Hand... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5534 A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such m... | 7.3 | HIGH | — | 0 |
| CVE-2026-5537 A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the c... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5538 A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of the file JudgeServer.service_url of the component judge_server_heartbeat Endpoin... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5539 A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument first... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5540 A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2026-5541 A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipul... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5542 A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation of... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5543 A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manip... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5544 A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument P... | 8.8 | HIGH | — | 0 |
| CVE-2026-5546 A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson of the file /application/models/Crud_model.php. This manipulation causes unrestr... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5551 A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. Th... | 7.3 | HIGH | — | 0 |
| CVE-2026-5552 A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manip... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5553 A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler.... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5554 A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/proc... | 7.3 | HIGH | — | 0 |
| CVE-2026-5555 A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parame... | 7.3 | HIGH | — | 0 |
| CVE-2026-5556 A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loa... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5557 A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file packages/mom/src/slack.ts of the component pi-mom Slack Bot. The manipulation resu... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5558 A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipu... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5559 A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipul... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5560 A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5561 A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the co... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5563 A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipula... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5564 A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. T... | 7.3 | HIGH | — | 0 |
| CVE-2026-5565 A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Ha... | 7.3 | HIGH | — | 0 |
| CVE-2026-5566 A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind res... | 8.8 | HIGH | — | 0 |
| CVE-2026-5568 A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site script... | 3.5 | LOW | — | 0 |
| CVE-2026-5575 A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulat... | 7.3 | HIGH | — | 0 |
| CVE-2026-5576 A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipu... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-34904 Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through ... | 7.5 | HIGH | — | 0 |
| CVE-2026-22683 Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the b... | 8.8 | HIGH | — | 0 |
| CVE-2026-39384 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit_user_customer_visibility parameter into account when merging cust... | 7.6 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.