Associated Vulnerability

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2026-3177	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook	smub	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More	Medium	5.3	2026-04-07 07:40:14	Deep Dive
CVE-2026-2924	Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'imageLoad'	jegstudio	Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem	Medium	6.4	2026-04-04 02:26:20	Deep Dive
CVE-2026-4267	Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI	johnbillion	Query Monitor	High	7.2	2026-03-31 11:29:49	Deep Dive
CVE-2026-1834	Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	vowelweb	Ibtana – WordPress Website Builder	Medium	6.4	2026-03-31 05:28:52	Deep Dive
CVE-2025-12886	Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path	Laborator	Oxygen - WooCommerce WordPress Theme	High	7.2	2026-03-28 02:26:37	Deep Dive
CVE-2026-22523	WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability	themepassion	Ultra WordPress Admin	High	7.1	2026-03-25 16:14:29	Deep Dive
CVE-2026-23806	WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability	BlueGlass Interactive AG	Jobs for WordPress	High	7.5	2026-03-25 16:14:29	Deep Dive
CVE-2026-3225	LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion	thimpress	LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	Medium	4.3	2026-03-23 22:25:41	Deep Dive
CVE-2026-4314	The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module	wpextended	The Ultimate WordPress Toolkit – WP Extended	High	8.8	2026-03-22 03:26:34	Deep Dive
CVE-2026-4072	WordPress PayPal Donation <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute	tstachl	WordPress PayPal Donation	Medium	6.4	2026-03-21 03:26:57	Deep Dive
CVE-2026-1886	Go Night Pro \| WordPress Dark Mode Plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'margin' Shortcode Attribute	hrs2015	Go Night Pro \| WordPress Dark Mode Plugin	Medium	6.4	2026-03-21 03:26:45	Deep Dive
CVE-2026-2424	Reward Video Ad for WordPress <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings	applixir	Reward Video Ad for WordPress	Medium	4.4	2026-03-21 03:26:42	Deep Dive
CVE-2026-3567	RepairBuddy <= 4.1132 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via wc_rep_shop_settings_submission AJAX Action	sweetdaisy86	RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress	Medium	5.3	2026-03-20 23:25:13	Deep Dive
CVE-2026-27096	WordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerability	BuddhaThemes	ColorFolio - Freelance Designer WordPress Theme	High	8.1	2026-03-19 05:31:42	Deep Dive
CVE-2026-1947	NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id	webaways	NEX-Forms – Ultimate Forms Plugin for WordPress	High	7.5	2026-03-15 01:19:06	Deep Dive
CVE-2026-1948	NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license	webaways	NEX-Forms – Ultimate Forms Plugin for WordPress	Medium	4.3	2026-03-14 03:24:14	Deep Dive
CVE-2026-32412	WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability	Gift Up!	Gift Up Gift Cards for WordPress and WooCommerce	中危	-	2026-03-13 11:42:15	Deep Dive
CVE-2026-32409	WordPress Forminator plugin <= 1.50.2 - Broken Access Control vulnerability	WPMU DEV - Your All-in-One WordPress Platform	Forminator	中危	-	2026-03-13 11:42:14	Deep Dive
CVE-2026-3226	LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering	thimpress	LearnPress – WordPress LMS Plugin for Create and Sell Online Courses	Medium	4.3	2026-03-12 02:22:37	Deep Dive
CVE-2026-3906	WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API	WordPress Foundation	WordPress	Medium	4.3	2026-03-11 09:25:44	Deep Dive

Support Us — Your donation helps us keep running

Associated Vulnerability