الثغرات / Vulnerabilities
بيانات CVE من NVD مع إثراء KEV من CISA وترجمة عربية. المحتوى أدناه مبني على المصادر الرسمية فقط.
| CVE | الشدة | CVSS | مستغلة فعليًا؟ | تاريخ النشر | ملخص عربي |
|---|---|---|---|---|---|
| CVE-2025-71200 | N/A | - | لا | 2026-02-14 | In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduct… |
| CVE-2026-2312 | Medium | 4.3 | لا | 2026-02-14 | The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to,… |
| CVE-2026-1512 | Medium | 6.4 | لا | 2026-02-14 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored… |
| CVE-2026-1843 | High | 7.2 | لا | 2026-02-14 | The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all vers… |
| CVE-2026-1258 | Medium | 4.9 | لا | 2026-02-14 | The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates… |
| CVE-2026-1254 | Medium | 4.3 | لا | 2026-02-14 | The Modula Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to authorization bypass in all… |
| CVE-2026-1249 | Medium | 5.0 | لا | 2026-02-14 | The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side… |
| CVE-2026-0550 | Medium | 6.4 | لا | 2026-02-14 | The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mycred_load_coupon' shor… |
| CVE-2025-8572 | Critical | 9.8 | لا | 2026-02-14 | The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.… |
| CVE-2026-2024 | High | 7.5 | لا | 2026-02-14 | The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions u… |
| CVE-2026-2022 | Medium | 4.3 | لا | 2026-02-14 | The Smart Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on … |
| CVE-2026-1988 | High | 7.5 | لا | 2026-02-14 | The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all ver… |
| CVE-2026-1987 | Medium | 5.4 | لا | 2026-02-14 | The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and … |
| CVE-2026-1985 | Medium | 6.4 | لا | 2026-02-14 | The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all v… |
| CVE-2026-1944 | Medium | 5.3 | لا | 2026-02-14 | The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a miss… |
| CVE-2026-1939 | Medium | 6.4 | لا | 2026-02-14 | The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `percent_to_graph` s… |
| CVE-2026-1915 | Medium | 6.4 | لا | 2026-02-14 | The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'pl… |
| CVE-2026-1910 | Medium | 6.4 | لا | 2026-02-14 | The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the … |
| CVE-2026-1905 | Medium | 6.4 | لا | 2026-02-14 | The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the '… |
| CVE-2026-1903 | Medium | 6.4 | لا | 2026-02-14 | The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute… |
| CVE-2026-1901 | Medium | 6.4 | لا | 2026-02-14 | The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortco… |
| CVE-2026-1796 | Medium | 6.1 | لا | 2026-02-14 | The StyleBidet plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up… |
| CVE-2026-1795 | Medium | 6.1 | لا | 2026-02-14 | The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versio… |
| CVE-2026-1792 | Medium | 6.1 | لا | 2026-02-14 | The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to… |
| CVE-2026-1394 | Medium | 4.3 | لا | 2026-02-14 | The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inc… |
| CVE-2026-1306 | Critical | 9.8 | لا | 2026-02-14 | The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension… |
| CVE-2026-1303 | Medium | 5.3 | لا | 2026-02-14 | The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and includin… |
| CVE-2026-1187 | Medium | 6.4 | لا | 2026-02-14 | The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of th… |
| CVE-2026-1096 | Medium | 6.4 | لا | 2026-02-14 | The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longit… |
| CVE-2026-0753 | High | 7.2 | لا | 2026-02-14 | The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscf_name' … |
| CVE-2026-0751 | Medium | 6.4 | لا | 2026-02-14 | The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'p… |
| CVE-2026-0745 | High | 7.2 | لا | 2026-02-14 | The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and i… |
| CVE-2026-0736 | Medium | 6.4 | لا | 2026-02-14 | The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_i… |
| CVE-2026-0735 | Medium | 4.4 | لا | 2026-02-14 | The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab_color_picker_la… |
| CVE-2026-0727 | Medium | 5.4 | لا | 2026-02-14 | The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, an… |
| CVE-2026-0693 | Medium | 4.4 | لا | 2026-02-14 | The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category … |
| CVE-2026-0559 | Medium | 6.4 | لا | 2026-02-14 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cr… |
| CVE-2026-0557 | Medium | 6.4 | لا | 2026-02-14 | The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortc… |
| CVE-2025-6792 | Medium | 5.3 | لا | 2026-02-14 | The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing … |
| CVE-2025-15483 | Medium | 4.4 | لا | 2026-02-14 | The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’ parameter in all v… |
| CVE-2025-14873 | Medium | 4.3 | لا | 2026-02-14 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Re… |
| CVE-2025-14852 | Medium | 4.3 | لا | 2026-02-14 | The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in… |
| CVE-2026-1932 | Medium | 5.3 | لا | 2026-02-14 | The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data… |
| CVE-2026-2469 | High | 7.2 | لا | 2026-02-14 | Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Ele… |
| CVE-2026-2144 | High | 8.1 | لا | 2026-02-14 | The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and i… |
| CVE-2026-2027 | Medium | 4.4 | لا | 2026-02-14 | The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripti… |
| CVE-2026-1983 | Medium | 4.3 | لا | 2026-02-14 | The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up … |
| CVE-2026-1912 | Medium | 6.4 | لا | 2026-02-14 | The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the '… |
| CVE-2026-1904 | Medium | 6.4 | لا | 2026-02-14 | The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' par… |
| CVE-2026-1754 | Medium | 6.1 | لا | 2026-02-14 | The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in … |