We get it — your site sits on a stack everyone else is trying to break. WebVuln™ is a working index of known web vulnerabilities for those platforms.

| Total CVEs | Stacks with data | High / critical | Newest published |
|---|---|---|---|
| 4353 | 16 | 1935 | 2026-05-22 |

| CVE | Stack | Summary | Severity | CVSS | Published | Detail |
|---|---|---|---|---|---|---|
| CVE-2026-9011 | WordPress | The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, a… | HIGH | 7.5 | | Details |
| CVE-2026-8692 | WordPress | The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypa… | MEDIUM | 4.3 | | Details |
| CVE-2026-8684 | WordPress | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is… | MEDIUM | 5.3 | | Details |
| CVE-2026-8679 | WordPress | The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is du… | HIGH | 7.5 | | Details |
| CVE-2026-7798 | WordPress | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vul… | MEDIUM | 5.4 | | Details |
| CVE-2026-7636 | WordPress | The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all… | MEDIUM | 4.3 | | Details |
| CVE-2026-7615 | WordPress | The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is du… | MEDIUM | 4.3 | | Details |
| CVE-2026-9104 | WordPress | The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including,… | MEDIUM | 6.4 | | Details |
| CVE-2026-9018 | WordPress | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up … | HIGH | 8.8 | | Details |
| CVE-2026-7509 | WordPress | The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `… | MEDIUM | 6.4 | | Details |
| CVE-2026-7249 | WordPress | The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the `splw_… | MEDIUM | 4.3 | | Details |
| CVE-2026-6864 | WordPress | The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all version… | MEDIUM | 6.1 | | Details |
| CVE-2026-4070 | WordPress | The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This … | MEDIUM | 4.3 | | Details |
| CVE-2026-3481 | WordPress | The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to an… | MEDIUM | 6.1 | | Details |
| CVE-2026-2518 | WordPress | The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on … | MEDIUM | 4.3 | | Details |
| CVE-2026-4834 | WordPress | The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5… | HIGH | 7.5 | | Details |
| CVE-2026-7881 | Express | Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID para… | — | — | | Details |
| CVE-2026-6960 | WordPress | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_… | CRITICAL | 9.8 | | Details |
| CVE-2026-4929 | Drupal | Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Conf… | — | — | | Details |
| CVE-2026-4093 | Drupal | In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A (token displ… | — | — | | Details |

WebVuln™ lists NVD records that match our curated web-stack keywords — not personalized security advice. For your own site, run WebCheck™.