سامي
سامي الغامدي
مستشار Fyntralink · متاح الآن
مدعوم بالذكاء الاصطناعي · Fyntralink
0536890919 info@fyntralink.com
تغذية مباشرة من NVD & CISA

قاعدة بيانات الثغرات الأمنية CVE Intelligence

بيانات CVE من NVD مع إثراء KEV من CISA وترجمة عربية. المحتوى مبني على المصادر الرسمية فقط.

إعادة ضبط
عرض صفحة 4 من 27 (1330 ثغرة)
CVE ID الشدة CVSS KEV مستغلة؟ تاريخ النشر الملخص
CVE-2025-71200 N/A لا 2026-02-14 In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 m…
CVE-2026-2312 Medium 4.3 لا 2026-02-14 The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.…
CVE-2026-1512 Medium 6.4 لا 2026-02-14 The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scriptin…
CVE-2026-1843 High 7.2 لا 2026-02-14 The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and incl…
CVE-2026-1258 Medium 4.9 لا 2026-02-14 The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/imp…
CVE-2026-1254 Medium 4.3 لا 2026-02-14 The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and…
CVE-2026-1249 Medium 5.0 لا 2026-02-14 The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in …
CVE-2026-0550 Medium 6.4 لا 2026-02-14 The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycred_load_coupon' shortcode in all version…
CVE-2025-8572 Critical 9.8 لا 2026-02-14 The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to in…
CVE-2026-2024 High 7.5 لا 2026-02-14 The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including,…
CVE-2026-2022 Medium 4.3 لا 2026-02-14 The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'rednao_smart_fo…
CVE-2026-1988 High 7.5 لا 2026-02-14 The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inc…
CVE-2026-1987 Medium 5.4 لا 2026-02-14 The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. Th…
CVE-2026-1985 Medium 6.4 لا 2026-02-14 The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and i…
CVE-2026-1944 Medium 5.3 لا 2026-02-14 The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check…
CVE-2026-1939 Medium 6.4 لا 2026-02-14 The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `percent_to_graph` shortcode in all vers…
CVE-2026-1915 Medium 6.4 لا 2026-02-14 The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode in all…
CVE-2026-1910 Medium 6.4 لا 2026-02-14 The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of …
CVE-2026-1905 Medium 6.4 لا 2026-02-14 The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show_sphere_image' s…
CVE-2026-1903 Medium 6.4 لا 2026-02-14 The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sb_ravelry_…
CVE-2026-1901 Medium 6.4 لا 2026-02-14 The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions u…
CVE-2026-1796 Medium 6.1 لا 2026-02-14 The StyleBidet plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, …
CVE-2026-1795 Medium 6.1 لا 2026-02-14 The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and includ…
CVE-2026-1792 Medium 6.1 لا 2026-02-14 The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to, and including, 1.0…
CVE-2026-1394 Medium 4.3 لا 2026-02-14 The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is…
CVE-2026-1306 Critical 9.8 لا 2026-02-14 The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the '…
CVE-2026-1303 Medium 5.3 لا 2026-02-14 The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is du…
CVE-2026-1187 Medium 6.4 لا 2026-02-14 The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcod…
CVE-2026-1096 Medium 6.4 لا 2026-02-14 The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters o…
CVE-2026-0753 High 7.2 لا 2026-02-14 The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscf_name' parameter in all ver…
CVE-2026-0751 Medium 6.4 لا 2026-02-14 The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing_plan_select_t…
CVE-2026-0745 High 7.2 لا 2026-02-14 The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due…
CVE-2026-0736 Medium 6.4 لا 2026-02-14 The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_inpost_head_script[sy…
CVE-2026-0735 Medium 4.4 لا 2026-02-14 The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab_color_picker_language_switch' param…
CVE-2026-0727 Medium 5.4 لا 2026-02-14 The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. …
CVE-2026-0693 Medium 4.4 لا 2026-02-14 The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all …
CVE-2026-0559 Medium 6.4 لا 2026-02-14 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting v…
CVE-2026-0557 Medium 6.4 لا 2026-02-14 The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortcode in all versions …
CVE-2025-6792 Medium 5.3 لا 2026-02-14 The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on …
CVE-2025-15483 Medium 4.4 لا 2026-02-14 The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’ parameter in all versions up to, and i…
CVE-2025-14873 Medium 4.3 لا 2026-02-14 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all…
CVE-2025-14852 Medium 4.3 لا 2026-02-14 The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This…
CVE-2026-1932 Medium 5.3 لا 2026-02-14 The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ca…
CVE-2026-2469 High 7.2 لا 2026-02-14 Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used…
CVE-2026-2144 High 8.1 لا 2026-02-14 The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This…
CVE-2026-2027 Medium 4.4 لا 2026-02-14 The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custo…
CVE-2026-1983 Medium 4.3 لا 2026-02-14 The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1…
CVE-2026-1912 Medium 6.4 لا 2026-02-14 The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in …
CVE-2026-1904 Medium 6.4 لا 2026-02-14 The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accor…
CVE-2026-1754 Medium 6.1 لا 2026-02-14 The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, …