Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.4 MEDIUM
CVE-2026-2382 — FPW Category Thumbnails <= 1.9.5 - Authenticated (Subscriber+) Stored Cross-Site Scriptin…

The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get_file' AJAX action in all versions up to, and including, 1.9.5. …

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
8.8 HIGH
CVE-2026-1784 — Ose-cluster-ingress-operator: remote code execution through haproxy configuration injecti…

The Route OpenShift resource allows defining routes that make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document were…

Jun 02, 2026 Jun 11, 2026
6.1 MEDIUM
CVE-2026-1451 — rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'a' Parameter

The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escapi…

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
6.1 MEDIUM
CVE-2026-1450 — rognone <= 0.6.2 - Reflected Cross-Site Scripting via 'mode' Parameter

The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output esc…

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
5.5 MEDIUM
CVE-2025-5085 — wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogr…

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization an…

Remote | Cross-Site Scripting
Jun 02, 2026 Jun 02, 2026
7.5 HIGH
CVE-2026-8293 — Really Simple Security < 9.5.10.1 - Authentication Bypass via Two-Factor OTP Skip

The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user…

Remote | Authentication
Jun 02, 2026 Jun 02, 2026