| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6145 | User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2026-05-14 08:24:27 | Deep Dive |
| CVE-2026-6206 | MW WP Form <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'post_id' Query Parameter | websoudan | MW WP Form | Medium | 5.3 | 2026-05-14 08:24:27 | Deep Dive |
| CVE-2026-6174 | CC Child Pages <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'more' Parameter | caterhamcomputing | CC Child Pages | Medium | 6.4 | 2026-05-14 08:24:27 | Deep Dive |
| CVE-2026-6514 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Arbitrary File Read via 'url' Parameter | Infused Addons | InfusedWoo Pro | High | 7.5 | 2026-05-14 08:24:26 | Deep Dive |
| CVE-2026-6252 | Meta Field Block <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tagName' Block Attribute | mr2p | Meta Field Block – Display custom fields in the Block Editor without coding | Medium | 6.4 | 2026-05-14 06:44:14 | Deep Dive |
| CVE-2026-6670 | Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters | erolsk8 | Media Sync | Medium | 6.5 | 2026-05-14 06:44:14 | Deep Dive |
| CVE-2026-3718 | ManageWP Worker <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting via 'MWP-Key-Name' Header | managewp | ManageWP Worker | High | 7.2 | 2026-05-14 06:44:13 | Deep Dive |
| CVE-2026-3694 | Bold Page Builder <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode | boldthemes | Bold Page Builder | Medium | 6.4 | 2026-05-14 06:44:13 | Deep Dive |
| CVE-2026-5365 | LatePoint <= 5.3.2 - Cross-Site Request Forgery via 'customer_cabinet__request_cancellation' AJAX Route | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 4.3 | 2026-05-14 06:44:12 | Deep Dive |
| CVE-2026-5395 | Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | High | 8.2 | 2026-05-14 06:44:12 | Deep Dive |
| CVE-2026-6506 | InfusedWoo Pro <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta Update | Infused Addons | InfusedWoo Pro | High | 8.8 | 2026-05-14 06:44:11 | Deep Dive |
| CVE-2026-6225 | Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter | taskbuilder | Taskbuilder – Project Management & Task Management Tool With Kanban Board | Medium | 6.5 | 2026-05-14 06:44:11 | Deep Dive |
| CVE-2026-6510 | InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe' | Infused Addons | InfusedWoo Pro | Critical | 9.8 | 2026-05-14 06:44:10 | Deep Dive |
| CVE-2026-3892 | Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion via 'stm_dealer_logo_path' Parameter | stylemix | Motors – Car Dealership & Classified Listings Plugin | High | 8.1 | 2026-05-14 06:44:10 | Deep Dive |
| CVE-2026-5193 | Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.5 | 2026-05-14 06:44:10 | Deep Dive |
| CVE-2026-6271 | Career Section <= 1.7 - Unauthenticated Arbitrary File Upload | shahinurislam | Career Section | Critical | 9.8 | 2026-05-14 06:44:09 | Deep Dive |
| CVE-2025-12669 | Improper Control of Generation of Code ('Code Injection') in GitLab | GitLab | GitLab | Medium | 5.4 | 2026-05-14 05:38:37 | Deep Dive |
| CVE-2025-13874 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | GitLab | Medium | 4.3 | 2026-05-14 05:38:27 | Deep Dive |
| CVE-2025-14869 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | GitLab | High | 7.5 | 2026-05-14 05:38:03 | Deep Dive |
| CVE-2025-14870 | Allocation of Resources Without Limits or Throttling in GitLab | GitLab | GitLab | High | 7.5 | 2026-05-14 05:37:33 | Deep Dive |