TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Wordfence Blog

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)

Chloe Chamberland · 2026-04-23

ATT&CK techniques detected

15 predictions

T1190 Exploit Public-Facing Application (98%)
"SQL Injection via 'order' and 'orderby' parameters 6.5 CVSS Rating 6.5 (Medium) CVE-ID CVE-2026-4817 Patch Status Patched Published Apr 16, 2026 Affected Software MasterStudy LMS WordPress Plugin – for Online Courses and Education [masterstudy-lms-learning-ma…"

T1190 Exploit Public-Facing Application (93%)
"…ine <= 3.8.6.1 - Unauthenticated SQL Injection via '_cct_search' parameter 7.5 CVSS Rating 7.5 (High) CVE-ID CVE-2026-4352 Patch Status Patched Published Apr 13, 2026 Affected Software JetEngine [jet-engine] Researcher h0xilo More Details > Payment Gatewa…"

T1588.006 Vulnerabilities (91%)
"(Medium) CVE-ID CVE-2026-6441 Patch Status Unpatched Published Apr 16, 2026 Affected Software Canto [canto] Researcher Legion Hunter More Details > CMS fur Motorrad Werkstatten <= 1.0.0 - Cross-Site Request Forgery 4.3 CVSS Rating 4.3 (Medium) CVE-ID CVE-20…"

T1190 Exploit Public-Facing Application (81%)
"1.2 - Unauthenticated SQL Injection via 'options' parameter keys in product_data 7.5 CVSS Rating 7.5 (High) CVE-ID CVE-2026-3599 Patch Status Unpatched Published Apr 15, 2026 Affected Software Riaxe Product Customizer [riaxe-product-customizer] Researcher Kai…"

T1190 Exploit Public-Facing Application (79%)
"Site Scripting') 48 Missing Authorization 27 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 15 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 10 Deserialization of Untrusted Data 9 Cross-Site Reques…"

T1190 Exploit Public-Facing Application (67%)
"…uzzaman Prodhan (nomanprodhan) More Details > Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Missing Authorization 5.3 CVSS Rating 5.3 (Medium) CVE-ID CVE-2026-40741 Patch Status Patched Published Apr 16, 2026 Affected Software Payment Gateway for Redsy…"

T1588.006 Vulnerabilities (64%)
"UserPro - Community and User Profile WordPress Plugin < 5.1.11 - Cross-Site Request Forgery 4.3 CVSS Rating 4.3 (Medium) CVE-ID CVE-2025-53444 Patch Status Patched Published Apr 15, 2026 Affected Software UserPro - Community and User Profile WordPress Plugin [userp…"

T1588.006 Vulnerabilities (58%)
"…ce Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability researchers through in-house vulnerability research, vulnerability researchers submitting directly to us through our Bug Bounty…"

T1068 Exploitation for Privilege Escalation (50%)
"Details > Livemesh Addons by Elementor <= 9.0 - Authenticated (Contributor+) Local File Inclusion via Widget Template Parameter 8.8 CVSS Rating 8.8 (High) CVE-ID CVE-2026-1620 Patch Status Unpatched Published Apr 15, 2026 Affected Software Livemesh Addons by Elemen…"

T1588.006 Vulnerabilities (49%)
"Deletion via ajax_attach_file 8.8 CVSS Rating 8.8 (High) CVE-ID CVE-2026-3464 Patch Status Patched Published Apr 17, 2026 Affected Software WP Customer Area [customer-area] Researcher shark3y More Details > WpStream – Live Streaming, Video on Demand, Pay Per Vie…"

T1190 Exploit Public-Facing Application (44%)
"Apr 16, 2026 Affected Software Unlimited Elements for Elementor [unlimited-elements-for-elementor] Researcher Dmitrii Ignatyev More Details > WP Directory Kit <= 1.5.0 - Unauthenticated SQL Injection 7.5 CVSS Rating 7.5 (High) CVE-ID CVE-2026-39531 Patch Stat…"

T1588.006 Vulnerabilities (43%)
"(Medium) CVE-ID CVE-2026-39513 Patch Status Patched Published Apr 13, 2026 Affected Software Easy Appointments [easy-appointments] Researcher Martin Martin More Details > Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.…"

T1190 Exploit Public-Facing Application (33%)
"WooBeWoo [woo-product-pricing-tables] Researcher Muhammad Nur Ibnu Hubab (ibnu) More Details > User Registration & Membership <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' parameter 6.1 CVSS Rating 6.1 (Medium) CVE-ID CVE-2026-…"

T1588.006 Vulnerabilities (32%)
"…onwiwat (kwan) 1 Mohammad Amin Hajian (mamadrce) 1 Jarno Vos (jarnovos) 1 Muhammad Sharief (md sharief) 1 ll 1 oolongeya 1 Md. Tareq Ahamed Jony (itztrq) 1 Rafshanzani Suhada 1 momopon1415 1 Md. Moniruzzaman Prodhan (nomanprodhan) 1 Phat Rio 1 axis 1 chaeyp 1 ronnac…"

T1588.006 Vulnerabilities (31%)
"…icated Sensitive Financial Data Exposure via Sequential Invoice ID 5.3 CVSS Rating 5.3 (Medium) CVE-ID CVE-2026-5234 Patch Status Patched Published Apr 16, 2026 Affected Software LatePoint – Calendar Booking Plugin for Appointments and Events [latepoint] Researcher …"

Summary

Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to ...

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026) appeared first on Wordfence.