TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Wordfence Blog

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)

Chloe Chamberland · 2026-04-16

ATT&CK techniques detected

8 predictions
T1190 Exploit Public-Facing Application
98%
"> media library assistant <= 3.34 - authenticated (contributor+) sql injection 6.5 cvss rating 6.5 (medium) cve-id cve-2026-34885 patch status patched published apr 6, 2026 affected software media library assistant [media-library-assistant] researcher sajjad …"
T1190 Exploit Public-Facing Application
95%
"[webappick-product-feed-for-woocommerce] researcher daroo more details > bear – bulk editor and products manager professional for woocommerce by pluginus.net <= 1.1.5 - cross-site request forgery to product data modification 6.5 cvss rating 6.5 (medium) cve-…"
T1588.006 Vulnerabilities
86%
"(critical) cve-id cve-2026-39583 patch status patched published apr 8, 2026 affected software datalogics ecommerce delivery – datalogics [datalogics] researcher jarno vos (jarnovos) more details > dsgvo google web fonts gdpr <= 1.1 - unauthenticated arbitrary file u…"
T1588.006 Vulnerabilities
72%
"(medium) cve-id cve-2026-5169 patch status unpatched published apr 7, 2026 affected software inquiry form to posts or pages [inquiry-form-to-posts-or-pages] researcher muhammad nur ibnu hubab (ibnu) more details > whole enquiry cart for woocommerce <= 1.2.…"
T1588.006 Vulnerabilities
60%
"-0814 patch status patched published apr 8, 2026 affected software advanced contact form 7 db [advanced-cf7-db] researcher kai aizen more details > aruba hispeed cache <= 3.0.4 - cross-site request forgery to plugin settings reset 4.3 cvss rating 4.3 (medium) cve …"
T1190 Exploit Public-Facing Application
45%
"blog2social: social media auto post & scheduler <= 8.8.3 - authenticated (subscriber+) insecure direct object reference to arbitrary post schedule modification via 'b2s_id' parameter 4.3 cvss rating 4.3 (medium) cve-id cve-2026-4330 patch status patched publi…"
T1588.006 Vulnerabilities
39%
"##prodhan) 1 sander horsman 1 andres cruciani 1 kate kligman 1 h0xilo 1 afnaan 1 maurice fielenbach (hexastrike) 1 alex thomas 1 nquangit 1 abi wiranata 1 are you a security researcher who would like to be featured in our weekly vulnerability report? you can responsibly disclo…"
T1190 Exploit Public-Facing Application
31%
"##uthenticated php object injection 8.1 cvss rating 8.1 (high) cve-id cve-2026-39557 patch status patched published apr 8, 2026 affected software neobeat - music wordpress theme [neobeat] researcher denver jackson more details > perfmatters <= 2.5.9 - authenticated…"

Summary

Last week, 153 vulnerabilities were disclosed in 117 WordPress plugins and 23 WordPress themes and added to the Wordfence Intelligence Vulnerability Database. 74 vulnerability researchers contributed to WordPress security last week. Review the vulnerabilities in this report now to ensure your site is not affected.

The post Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026) appeared first on Wordfence.