| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | Medium | 5.3 | 2026-04-24 03:27:06 | Deep Dive |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 7.2 | 2026-04-23 08:28:26 | Deep Dive |
| CVE-2026-1913 | Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute | gallagherwebsitedesign | Gallagher Website Design | Medium | 6.4 | 2026-04-22 09:27:21 | Deep Dive |
| CVE-2026-6712 | Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting | ryhowa | Website LLMs.txt | Medium | 4.4 | 2026-04-21 06:44:00 | Deep Dive |
| CVE-2026-6711 | Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting | ryhowa | Website LLMs.txt | Medium | 6.1 | 2026-04-21 06:44:00 | Deep Dive |
| CVE-2026-3643 | Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API | onthemapmarketing | Accessibly – WordPress Website Accessibility | High | 7.2 | 2026-04-15 08:28:18 | Deep Dive |
| CVE-2026-2509 | Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2026-04-08 13:26:00 | Deep Dive |
| CVE-2026-2481 | Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' | beaverbuilder | Beaver Builder Page Builder – Drag and Drop Website Builder | Medium | 6.4 | 2026-04-08 11:16:58 | Deep Dive |
| CVE-2026-39713 | WordPress Mailercloud – Integrate webforms and synchronize website contacts plugin <= 1.0.7 - Broken Access Control vulnerability | mailercloud | Mailercloud – Integrate webforms and synchronize website contacts | - | - | 2026-04-08 08:30:49 | Deep Dive |
| CVE-2025-14732 | Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2026-04-08 01:24:43 | Deep Dive |
| CVE-2019-25668 | News Website Script 2.0.5 SQL Injection via index.php | Phpscriptsmall | News Website Script | High | 8.2 | 2026-04-05 20:45:22 | Deep Dive |
| CVE-2026-1834 | Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | vowelweb | Ibtana – WordPress Website Builder | Medium | 6.4 | 2026-03-31 05:28:52 | Deep Dive |
| CVE-2026-2442 | Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email' | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 5.3 | 2026-03-28 09:27:10 | Deep Dive |
| CVE-2026-1206 | Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | elemntor | Elementor Website Builder – more than just a page builder | Medium | 4.3 | 2026-03-26 05:29:33 | Deep Dive |
| CVE-2026-4758 | WP Job Portal <= 2.4.9 - Authenticated (Subscriber+) Arbitrary File Deletion via Resume Custom File Field | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | High | 8.8 | 2026-03-25 23:26:02 | Deep Dive |
| CVE-2019-25639 | Matrimony Website Script M-Plus Multiple SQL Injection | Matri4Web | Matrimony Website Script | High | 8.2 | 2026-03-24 11:27:11 | Deep Dive |
| CVE-2026-4306 | WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter | wpjobportal | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | High | 7.5 | 2026-03-23 22:25:40 | Deep Dive |
| CVE-2026-27068 | WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability | Ryan Howard | Website LLMs.txt | High | 7.1 | 2026-03-19 08:42:38 | Deep Dive |
| CVE-2026-32445 | WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability | Elementor | Elementor Website Builder | Medium | - | 2026-03-13 11:42:20 | Deep Dive |
| CVE-2026-32352 | WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnerability | Elementor | Elementor Website Builder | Medium | - | 2026-03-13 11:41:59 | Deep Dive |