Common Vulnerabilities and Exposures (CVE)

CVE-2026-0678

Jan 14, 2026 05:28:08 UTC

The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter...

CVE-2026-0694

Jan 14, 2026 05:28:07 UTC

The SearchWiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in search results in all versions up to, and including, 1.0.0. This is due to the plugin using `esc_attr()` instead of `esc_html()` when outputt...

CVE-2025-15283

Jan 14, 2026 05:28:07 UTC

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' and 'name_directory_description' parameters in all versions up to, and including, 1.30.3 due to insufficient input sanitizat...

CVE-2025-14379

Jan 14, 2026 05:28:07 UTC

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2025-15377

Jan 14, 2026 05:28:06 UTC

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content' function. This makes it possible for un...

CVE-2025-14301

Jan 14, 2026 05:28:05 UTC

The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths witho...

CVE-2026-0680

Jan 14, 2026 05:28:05 UTC

The Real Post Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2025-14725

Jan 14, 2026 05:28:05 UTC

The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for ...

CVE-2026-0717

Jan 14, 2026 05:28:04 UTC

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. This makes it possi...

CVE-2025-14389

Jan 14, 2026 05:28:04 UTC

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the p...

CVE-2025-14615

Jan 14, 2026 05:28:03 UTC

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in ...

CVE-2026-0594

Jan 14, 2026 05:28:02 UTC

The List Site Contributors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'alpha' parameter in versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it poss...

CVE-2026-22718

Jan 14, 2026 05:10:58 UTC

The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine.

CVE-2026-21299

Jan 14, 2026 04:57:52 UTC

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...

CVE-2026-21298

Jan 14, 2026 04:57:51 UTC

Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in...