
Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Threat Entry Updated 2026-05-05

CVE-2026-5109 - Gravity Forms Plugin

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted values where the wp_kses()-sanitized version matches a legitimate option value, but then stores the raw unsanitized value in the database. When administrators view entry details via the Order Summary section, the option_label is output directly without escaping (view-order-summary.php line 32), executing the injected JavaScript. This makes it…

PLUGIN Gravity Forms

CVE-2026-5109

HIGH CVSS 7.2 2026-05-02
Threat Entry Updated 2026-05-05

CVE-2026-7641 - Import Users From Csv With Meta Plugin

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site (e.g., `wp_capabilities`, `wp_user_level`) but fails to block the equivalent meta keys for any other subsite in a WordPress Multisite network (e.g., `wp_2_capabilities`, `wp_2_user_level`), allowing these keys to pass the `in_array()` check and be written directly to user meta via `update_user_meta()`. This makes it possible for authenticated…

PLUGIN Import Users From Csv With Meta

CVE-2026-7641

HIGH CVSS 8.8 2026-05-02
Threat Entry Updated 2026-05-05

CVE-2026-6963 - Wp Mail Gateway Plugin

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update SMTP settings and redirect mail, which can be used for privilege escalation by triggering a password reset email and using that to access an administrator's account.

PLUGIN Wp Mail Gateway

CVE-2026-6963

HIGH CVSS 8.8 2026-05-02
Threat Entry Updated 2026-05-01

CVE-2026-3772 - Wp Editor Plugin

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrary plugin and theme PHP files with attacker-controlled code via a forged request, granted they can trick a site administrator into performing an action such as clicking a link.

PLUGIN Wp Editor

CVE-2026-3772

HIGH CVSS 8.8 2026-05-01
Threat Entry Updated 2026-04-30

CVE-2026-2892 - Otter Blocks Plugin

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'get_customer_data' method relying on an unsigned 'o_stripe_data' cookie to determine Stripe product ownership for unauthenticated users. The 'check_purchase' method trusts this cookie data without performing server-side verification against the Stripe API for one-time 'payment' mode purchases. This makes it possible for unauthenticated attackers to bypass Stripe purchase-gated content visibility conditions by forging the 'o_stripe_data' cookie with a target product ID, which is publicly exposed in…

PLUGIN Otter Blocks

CVE-2026-2892

HIGH CVSS 7.5 2026-04-30
Threat Entry Updated 2026-05-03

CVE-2026-41940 - WordPress Core

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

Vendor/Product: WebPros cPanel & WHM and WP2 (WordPress Squared)

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes: https://support.cpanel.net/hc/en-us/articles/40073787579671-cPanel-WHM-Security-Update-04-28-2026 ; https://docs.cpanel.net/release-notes/release-notes/ ; https://docs.wpsquared.com/changelogs/versions/changelog/#13617 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41940

CORE WordPress Core

CVE-2026-41940

HIGH CVSS N/A 2026-04-30
Threat Entry Updated 2026-04-29

CVE-2026-42652 - User Registration Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Reflected XSS. This issue affects User Registration: from n/a through

PLUGIN User Registration

CVE-2026-42652

HIGH CVSS 7.1 2026-04-29
Threat Entry Updated 2026-04-29

CVE-2026-42646 - TaxoPress Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection. This issue affects TaxoPress: from n/a through

PLUGIN TaxoPress

CVE-2026-42646

HIGH CVSS 7.6 2026-04-29
Threat Entry Updated 2026-04-29

CVE-2026-42377 - SureForms Pro Plugin

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0.

PLUGIN SureForms Pro

CVE-2026-42377

HIGH CVSS 7.3 2026-04-29
Threat Entry Updated 2026-04-27

CVE-2026-6741 - Calendar Booking Plugin For Appointments And Events

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute() method of the connect-customer-to-wp-user ability, which only requires the customer__edit capability granted to the latepoint_agent role by default, without verifying whether the target WordPress user ID belongs to a privileged account. This makes it possible for authenticated attackers with the latepoint_agent role to link any LatePoint customer record to an administrator's WordPress account and…

PLUGIN Calendar Booking Plugin For Appointments And Events

CVE-2026-6741

HIGH CVSS 8.8 2026-04-27
Threat Entry Updated 2026-04-27

CVE-2026-42379 - Templately Plugin

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.6.1.

PLUGIN Templately

CVE-2026-42379

HIGH CVSS 7.7 2026-04-27
Threat Entry Updated 2026-04-27

CVE-2026-7106 - Highland Software Custom Role Manager Plugin

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscrm_save_user_roles() function, which is hooked to the personal_options_update action accessible by any authenticated user. This makes it possible for authenticated attackers, with Subscriber-level access or higher, to potentially modify user roles via the profile update form.

PLUGIN Highland Software Custom Role Manager

CVE-2026-7106

HIGH CVSS 8.8 2026-04-27
Threat Entry Updated 2026-04-24

CVE-2026-5364 - Drag And Drop File Upload For Contact Form 7 Plugin

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the attacker rather than being restricted to administrator-configured values, which when combined with the fact that validation occurs on the unsanitized extension while the file is saved with a sanitized extension, allows special characters like '$' to be stripped during the…

PLUGIN Drag And Drop File Upload For Contact Form 7

CVE-2026-5364

HIGH CVSS 8.1 2026-04-24
Threat Entry Updated 2026-04-23

CVE-2026-5464 - Google Analytics Dashboard For Wp Plugin

The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboarding_key' transient to any user with the 'exactmetrics_view_dashboard' capability. This key is the sole authorization gate for the '/wp-json/exactmetrics/v1/onboarding/connect-url' REST endpoint, which returns a one-time hash (OTH) token. This OTH token is then the only credential checked by the 'exactmetrics_connect_process' AJAX endpoint — which has no capability check, no nonce…

PLUGIN Google Analytics Dashboard For Wp

CVE-2026-5464

HIGH CVSS 7.2 2026-04-23
Threat Entry Updated 2026-04-23

CVE-2026-4106 - Ht Mega Addons For Elementor Plugin

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days.

PLUGIN Ht Mega Addons For Elementor

CVE-2026-4106

HIGH CVSS 7.5 2026-04-23
Threat Entry Updated 2026-05-18

CVE-2026-32679 - WordPress component

The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerForAdmin.exe) and the installers of Canon Network Camera Plugin (CanonNWCamPlugin.exe and CanonNWCamPluginForAdmin.exe) insecurely load Dynamic Link Libraries (DLLs). If a malicious DLL is placed in the same directory, the affected installer may load that DLL and execute its code with the privileges of the user invoking the installer.

UNKNOWN WordPress component

CVE-2026-32679

HIGH CVSS 8.4 2026-04-23
Threat Entry Updated 2026-04-22

CVE-2026-4132 - Http Headers Plugin

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hh_htpasswd_path' option and lack of sanitization on the 'hh_www_authenticate_user' option value. The plugin allows administrators to set an arbitrary file path for the htpasswd file location and does not validate that the path has a safe file extension (e.g., restricting to .htpasswd). Additionally, the username field used for…

PLUGIN Http Headers

CVE-2026-4132

HIGH CVSS 7.2 2026-04-22
Threat Entry Updated 2026-04-22

CVE-2026-5478 - Everest Forms Plugin

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate server-side upload state, and converting attacker-supplied URLs into local filesystem paths using regex-based string replacement without canonicalization or directory boundary enforcement. This makes it possible for unauthenticated attackers to read arbitrary local files (e.g., wp-config.php) by injecting path-traversal payloads into the old_files upload field parameter, which are then attached to notification emails.…

PLUGIN Everest Forms

CVE-2026-5478

HIGH CVSS 8.1 2026-04-20
Threat Entry Updated 2026-04-22

CVE-2026-6248 - Wpforo Forum Plugin

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update() method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store an arbitrary path instead of a legitimate upload path; and the wpforo_fix_upload_dir() sanitization function in ucf_file_delete() only remaps paths that match the expected pattern, and it is passed directly to the unlink() function. This makes it possible for authenticated attackers, with subscriber-level access and…

PLUGIN Wpforo Forum

CVE-2026-6248

HIGH CVSS 8.1 2026-04-20