We get it — your site sits on a stack everyone else is trying to break. WebVuln™ is a working index of known web vulnerabilities for those platforms.
- Total CVEs: 5337
- Stacks with data: 16
- High / critical: 2353
- Newest published: 2026-06-27

| CVE | Stack | Summary | Severity | CVSS | Published | Detail |
|---|---|---|---|---|---|---|
| CVE-2026-12415 | WordPress | The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_ed… | CRITICAL | 9.8 | | Details |
| CVE-2026-13422 | WordPress | The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrec… | MEDIUM | 4.3 | | Details |
| CVE-2026-13335 | WordPress | The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all … | MEDIUM | 6.4 | | Details |
| CVE-2026-13333 | WordPress | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]'… | MEDIUM | 6.5 | | Details |
| CVE-2026-13331 | WordPress | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' pa… | MEDIUM | 6.5 | | Details |
| CVE-2026-11356 | WordPress | The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_mag… | MEDIUM | 4.4 | | Details |
| CVE-2026-57518 | PHP | Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission t… | HIGH | 8.8 | | Details |
| CVE-2026-0685 | Express | Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker … | CRITICAL | 9.8 | | Details |
| CVE-2026-56057 | PHP | Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions. | CRITICAL | 9.8 | | Details |
| CVE-2026-56055 | PHP | Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions. | HIGH | 8.8 | | Details |
| CVE-2026-56032 | PHP | Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions. | CRITICAL | 9.8 | | Details |
| CVE-2026-56031 | PHP | Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions. | HIGH | 8.1 | | Details |
| CVE-2026-56011 | WordPress | Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions. | HIGH | 7.1 | | Details |
| CVE-2025-68063 | WordPress | Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions. | HIGH | 7.5 | | Details |
| CVE-2026-1869 | WordPress | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & … | MEDIUM | 6.5 | | Details |
| CVE-2026-8380 | WordPress | The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent d… | MEDIUM | 6.5 | | Details |
| CVE-2026-10835 | WordPress | The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions… | HIGH | 7.7 | | Details |
| CVE-2026-10823 | WordPress | The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a u… | HIGH | 7.5 | | Details |
| CVE-2025-10268 | WordPress | The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it p… | MEDIUM | 5.3 | | Details |
| CVE-2026-8797 | Express | An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbi… | — | — | | Details |

WebVuln™ lists NVD records that match our curated web-stack keywords — not personalized security advice. For your own site, run WebCheck™.