Vulnerabilities in smub
91 resultsCVE-2026-7792MEDIUMWPForms <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity via PayPal Commerce Webhook EndpointEPSS 0.2%CVE-2026-8613MEDIUMaThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget SettingEPSS 0.2%CVE-2025-12837MEDIUMaThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action WidgetEPSS 0.2%CVE-2025-1314MEDIUMCustom Twitter Feeds <= 2.2.5 - Cross-Site Request Forgery to Cache Reset via ctf_clear_cache_admin FunctionEPSS 0.2%CVE-2026-1236MEDIUMEnvira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST APIEPSS 0.2%CVE-2025-4583MEDIUMSmash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` AttributeEPSS 0.2%CVE-2025-5275MEDIUMCharitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy SettingsEPSS 0.2%CVE-2026-3177MEDIUMCharitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe WebhookEPSS 0.2%CVE-2025-11448MEDIUMGallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery ConversionEPSS 0.2%CVE-2025-8102MEDIUMEasy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install FunctionsEPSS 0.2%CVE-2026-7533MEDIUMEasy Digital Downloads <= 3.6.7 - Cross-Site Request Forgery to Payment Account Hijacking via 'square_tokens' ParameterEPSS 0.1%