CVE Security

medium 5.4

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable t...

Web

CVE-2026-7798

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to...

Web

CVE-2026-4070

Lire l'article

medium 6.1

28/05/2026

Vulnérabilité medium détectée - CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, an...

Web

CVE-2026-6864

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7249

The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the `splw_update_bloc...

Web

CVE-2026-7249

Lire l'article

medium 6.4

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7509

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attr...

Web

CVE-2026-7509

Lire l'article

high 8.8

28/05/2026

Vulnérabilité high détectée - CVE-2026-9018

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and i...

Web

CVE-2026-9018

Lire l'article

medium 6.4

28/05/2026

Vulnérabilité medium détectée - CVE-2026-9104

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due ...

Web

CVE-2026-9104

Lire l'article

high 7.5

28/05/2026

Vulnérabilité high détectée - CVE-2026-4834

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is...

Web

CVE-2026-4834

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-2518

The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultp_i...

Web

CVE-2026-2518

Lire l'article

medium 6.1

28/05/2026

Vulnérabilité medium détectée - CVE-2026-3481

The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including...

Applications Web

CVE-2026-3481

Lire l'article

critical 9.3

28/05/2026

Vulnérabilité critical détectée - CVE-2026-9264

A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration thro...

Web

CVE-2026-9264

Lire l'article

medium 6.5

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8435

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CM...

Web

CVE-2026-8435

Lire l'article