cve.li

Recent

CVE-2026-4483CWE-782

Published 2026-04-08 by Moxa

CVE-2025-1794CWE-79

AM LottiePlayer <= 3.6.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

Published 2026-04-08 by Wordfence

CVE-2026-3781CWE-89

Attendance Manager <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter

Published 2026-04-08 by Wordfence

CVE-2026-4141CWE-352

Quran Translations <= 1.7 - Cross-Site Request Forgery to Playlist Settings Form

Published 2026-04-08 by Wordfence

CVE-2026-2838CWE-79

Whole Enquiry Cart for WooCommerce <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter

Published 2026-04-08 by Wordfence

CVE-2026-5506CWE-79

Wavr <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Published 2026-04-08 by Wordfence

CVE-2026-3618CWE-79

Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute

Published 2026-04-08 by Wordfence

CVE-2026-5167CWE-639

Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint

Published 2026-04-08 by Wordfence

CVE-2026-3477CWE-862

PZ Frontend Manager <= 1.0.6 - Missing Authorization to Arbitrary User Deletion via 'dataType' Parameter

Published 2026-04-08 by Wordfence

CVE-2026-5508CWE-79

WowPress <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Published 2026-04-08 by Wordfence

Load more ↓