Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-05-14
CVE-2026-6206 - Mw Wp Form Plugin
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the _get_post_property_from_querystring() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
PLUGIN
Mw Wp Form
CVE-2026-6206
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-6145 - User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder Plugin
The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.1.5. This is due to the is_admin_creation_process() method relying solely on the presence of action=createuser in the $_REQUEST superglobal without performing any authentication or capability check. This makes it possible for unauthenticated attackers to bypass the admin approval requirement when registering new accounts via the fallback submission path.
PLUGIN
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder
CVE-2026-6145
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-6670 - Media Sync Plugin
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted to the intended uploads directory. This makes it possible for authenticated attackers, with Author-level access and above, to perform actions on files outside of the originally intended directory.
PLUGIN
Media Sync
CVE-2026-6670
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-6225 - Task Management Tool With Kanban Board Plugin
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project_search' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Task Management Tool With Kanban Board
CVE-2026-6225
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-6252 - Meta Field Block Plugin
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Meta Field Block
CVE-2026-6252
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-5365 - Latepoint Plugin
The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 5.3.2. This is due to missing nonce verification on the request_cancellation() function. This makes it possible for unauthenticated attackers to cancel a logged-in customer's bookings via a forged request, granted they can trick the customer into performing an action such as clicking on a link.
PLUGIN
Latepoint
CVE-2026-5365
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-5193 - Widgets Plugin
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks the 'administrator' role. This makes it possible for authenticated attackers, with author level access and above, to create new user accounts with elevated privileges such as editor.
PLUGIN
Widgets
CVE-2026-5193
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-3694 - Bold Page Builder Plugin
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the bt_bb_button shortcode in all versions up to, and including, 5.6.8. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Bold Page Builder
CVE-2026-3694
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-6417 - Gls Shipping For Woocommerce Plugin
The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failed_orders' parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
PLUGIN
Gls Shipping For Woocommerce
CVE-2026-6417
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-5243 - Woocommerce Plugin
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the `menu_hover_click` parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Woocommerce
CVE-2026-5243
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-3829 - Ssl Scan Plugin
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'wple_basic_get_requests' function in all versions up to, and including, 7.8.5.10. This makes it possible for authenticated attackers, with subscriber level access and above, to reset the SSL setup state, force SSL to appear complete, and modify plan selection options.
PLUGIN
Ssl Scan
CVE-2026-3829
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-7648 - Wordpress Lms Plugin For Create And Sell Online Courses
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, which passes the unsanitized parameter array to the add_to_cart() function where array_merge() allows attacker-controlled values to overwrite hardcoded defaults. This makes it possible for authenticated attackers, with subscriber-level access and above, to enroll in any paid course entirely free of charge by supplying a…
PLUGIN
Wordpress Lms Plugin For Create And Sell Online Courses
CVE-2026-7648
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-7525 - My Calendar Plugin
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with custom-level access and above, to bypass the moderation and approval workflow by tampering with the POST body to publish events or set other unauthorized statuses such as cancelled or private, in ways their role does not permit. While the UI correctly…
PLUGIN
My Calendar
CVE-2026-7525
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-5361 - Envira Gallery Lite Plugin
The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in versions up to and including 1.12.4. This is due to insufficient input sanitization in the update_gallery_data() function and improper output escaping in the gallery_init() function. The sanitize_config_values() function only sanitizes the justified_gallery_theme and justified_row_height parameters, but does not sanitize the arrows parameter. When the arrows value is output in the inline JavaScript configuration, it uses esc_attr() which is designed for HTML attribute contexts, not JavaScript contexts, allowing JavaScript expression injection. This makes…
PLUGIN
Envira Gallery Lite
CVE-2026-5361
Risk Score
Threat Entry
Updated 2026-05-14
CVE-2026-5486 - Unlimited Elements For Elementor Plugin
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'data[filter_search]' parameter in the get_cat_addons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined with direct string concatenation in SQL query construction. The vulnerability is exacerbated because the normalizeAjaxInputData() function calls stripslashes() on all user input, removing the protection provided by WordPress's wp_magic_quotes() function. Subsequently, the filter_search parameter is escaped using the deprecated wpdb->_escape() function and then directly concatenated into…
PLUGIN
Unlimited Elements For Elementor
CVE-2026-5486
Risk Score
Threat Entry
Updated 2026-05-13
CVE-2026-4608 - Profilegrid User Profiles Groups And Communities Plugin
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Profilegrid User Profiles Groups And Communities
CVE-2026-4608
Risk Score
Threat Entry
Updated 2026-05-13
CVE-2026-4607 - Profilegrid User Profiles Groups And Communities Plugin
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pm_set_group_order, pm_set_group_items, and pm_set_field_order AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify site-wide ProfileGrid group settings including group menu order, group list order, group icon display, and field ordering.
PLUGIN
Profilegrid User Profiles Groups And Communities
CVE-2026-4607
Risk Score
Threat Entry
Updated 2026-05-13
CVE-2026-3426 - Rometheme For Elementor Plugin
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-level access and above, to modify or reset site-wide widget configurations.
PLUGIN
Rometheme For Elementor
CVE-2026-3426
Risk Score
Threat Entry
Updated 2026-05-13
CVE-2026-4782 - Avada Builder Plugin
The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.15.2 via the 'fusion_get_svg_from_file' function with the 'custom_svg' parameter of the 'fusion_section_separator' shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability was partially patched in version 3.15.2 and fully patched in version 3.15.3.
PLUGIN
Avada Builder
CVE-2026-4782
Risk Score
Threat Entry
Updated 2026-05-13
CVE-2026-2515 - Hostinger Reach Plugin
The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_ajax_action' function in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use the 'hostinger_reach_connection_notice_action' action to update the API key value stored in the database. This vulnerability can only be exploited when the plugin is not connected to a site and no API key value exists in the database.
PLUGIN
Hostinger Reach
CVE-2026-2515
Risk Score