Common Vulnerabilities and Exposures (CVE)

CVE-2026-2433

Mar 9, 2026 18:28:59 UTC

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via postMessage in all versions up to, and including, 5.0.11. This is due to the plugin's admin...

CVE-2026-1569

Mar 9, 2026 18:28:53 UTC

The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wueen-blocket` shortcode in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping on user supplied a...

CVE-2026-1805

Mar 9, 2026 18:28:48 UTC

The DA Media GigList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's damedia_giglist shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user...

CVE-2026-1574

Mar 9, 2026 18:28:41 UTC

The MyQtip – easy qTip2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `myqtip` shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user sup...

CVE-2026-1820

Mar 9, 2026 18:28:35 UTC

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmalt_sc_div_update_alt_text' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitizatio...

CVE-2026-1073

Mar 9, 2026 18:28:29 UTC

The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in `inc/purchase-...

CVE-2026-1074

Mar 9, 2026 18:28:23 UTC

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and including, 1.5. This is due to insufficient input sanitization and output escaping combined wit...

CVE-2026-1823

Mar 9, 2026 18:28:17 UTC

The Consensus Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's consensus shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-1824

Mar 9, 2026 18:28:11 UTC

The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpoint_login' parameter of the infomaniak_connect_generic_auth_url shortcode in all versions up to, and including, 1.0.2 due to i...

CVE-2026-1825

Mar 9, 2026 18:28:05 UTC

The Show YouTube video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'syv' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied ...

CVE-2026-3630

Mar 9, 2026 18:27:58 UTC

Delta Electronics COMMGR2 has a Stack-based Buffer Overflow vulnerability.

CVE-2026-1085

Mar 9, 2026 18:27:56 UTC

The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action. This makes it possible for unauthentic...

CVE-2026-1086

Mar 9, 2026 18:27:48 UTC

The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the settings update functionality. This makes ...

CVE-2026-1087

Mar 9, 2026 18:27:41 UTC

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unau...

CVE-2026-3631

Mar 9, 2026 18:27:33 UTC

Delta Electronics COMMGR2 has a Buffer Over-read DoS vulnerability.