Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-04-15
CVE-2026-2386 - Woocommerce Plugin
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 6.4.7. This is due to the tpae_create_page() AJAX handler authorizing users only with current_user_can('edit_posts') while accepting a user-controlled 'post_type' value passed directly to wp_insert_post() without post-type-specific capability checks. This makes it possible for authenticated attackers, with Author-level access and above, to create arbitrary draft posts for restricted post types (e.g., 'page' and 'nxt_builder') via the 'post_type' parameter.
PLUGIN
Woocommerce
CVE-2026-2386
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1317 - Ultimate Csv Xml Importer For Wordpress Plugin
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `file_name` parameter which is stored in the database during file upload and later used in raw SQL queries without proper sanitization. This makes it possible for authenticated attackers with Subscriber-level access or higher to append additional SQL queries into already existing queries via a malicious filename, which can be used to extract sensitive information from the…
PLUGIN
Ultimate Csv Xml Importer For Wordpress
CVE-2026-1317
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1582 - Wp All Export Plugin
The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\d+$), allowing download of sensitive export files containing PII, business data, or database information.
PLUGIN
Wp All Export
CVE-2026-1582
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2025-8781 - Wordpress Appointment Booking Plugin
The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Wordpress Appointment Booking
CVE-2025-8781
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2025-14799 - Mailin Plugin
The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter,…
PLUGIN
Mailin
CVE-2025-14799
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-2426 - Wp Downloadmanager Plugin
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowing directory traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can lead to remote code execution when critical files like wp-config.php are deleted.
PLUGIN
Wp Downloadmanager
CVE-2026-2426
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1942 - Blog2Social: Social Media Auto Post & Scheduler Plugin
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft() function only verifies current_user_can('read') without checking whether the user has edit_post permission for the target post. Combined with the plugin granting UI access and nonce exposure to all roles, this makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the title and content of arbitrary posts and…
PLUGIN
Blog2Social: Social Media Auto Post & Scheduler
CVE-2026-1942
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2025-14444 - Custom Registration Form Builder With Submission Manager Plugin
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. This is due to the plugin trusting client-supplied values for payment verification without validating that the payment actually went through PayPal. This makes it possible for unauthenticated attackers to bypass paid registration by manipulating payment status and activating their account without completing a real PayPal payment.
PLUGIN
Custom Registration Form Builder With Submission Manager
CVE-2025-14444
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-2126 - User Submitted Posts Plugin
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to the `usp_get_submitted_category()` function accepting user-submitted category IDs from the POST body without validating them against the admin-configured allowed categories stored in `usp_options['categories']`. This makes it possible for unauthenticated attackers to assign submitted posts to arbitrary categories, including restricted ones, by crafting a direct POST request with manipulated `user-submitted-category[]` values, bypassing the frontend category restrictions.
PLUGIN
User Submitted Posts
CVE-2026-2126
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2025-13727 - Turnkey Video Site Builder Script Plugin
The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Turnkey Video Site Builder Script
CVE-2025-13727
Risk Score
Threat Entry
Updated 2026-02-18
CVE-2025-11185 - Complianz Gdpr Plugin
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Complianz Gdpr
CVE-2025-11185
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-2495 - WPNakama – Team and multi-Client Collaboration, Editorial and Project Management Plugin
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
WPNakama – Team and multi-Client Collaboration, Editorial and Project Management
CVE-2026-2495
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1941 - Wp Event Aggregator Plugin
The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Wp Event Aggregator
CVE-2026-1941
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-2127 - Siteorigin Widgets Bundle Plugin
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the `siteorigin_widget_preview_widget_action()` function which is registered via the `wp_ajax_so_widgets_preview` AJAX action. The function only verifies a nonce (`widgets_action`) but does not check user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes by invoking the `SiteOrigin_Widget_Editor_Widget` via the preview endpoint. The required nonce is exposed on the public frontend when the…
PLUGIN
Siteorigin Widgets Bundle
CVE-2026-2127
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1656 - Business Directory Plugin
The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthenticated attackers to modify arbitrary listings, including changing titles, content, and email addresses, by directly referencing the listing ID in crafted requests to the wpbdp_ajax AJAX action.
PLUGIN
Business Directory
CVE-2026-1656
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1649 - Community Events Plugin
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_venue_name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Community Events
CVE-2026-1649
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1938 - Woocommerce Email Customizer Plugin
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized license key deletion due to a missing authorization check on the `/yaymail-license/v1/license/delete` REST endpoint in versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to delete the plugin's license key via the '/yaymail-license/v1/license/delete' endpoint granted they can obtain the REST API nonce.
PLUGIN
Woocommerce Email Customizer
CVE-2026-1938
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1943 - Woocommerce Email Customizer Plugin
The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
PLUGIN
Woocommerce Email Customizer
CVE-2026-1943
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-2112 - Dam Spam Plugin
The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pending comments via a forged request granted they can trick an admin into performing an action such as clicking on a link.
PLUGIN
Dam Spam
CVE-2026-2112
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1860 - Kali Forms — Contact Form & Drag-and-Drop Builder Plugin
The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the `get_items_permissions_check()` permission callback on the `/kaliforms/v1/forms/{id}` REST API endpoint only checking for the `edit_posts` capability without verifying that the requesting user has ownership or authorization over the specific form resource. This makes it possible for authenticated attackers, with Contributor-level access and above, to read form configuration data belonging to other users (including administrators) by enumerating form IDs. Exposed data includes form field structures, Google…
PLUGIN
Kali Forms — Contact Form & Drag-and-Drop Builder
CVE-2026-1860
Risk Score