CVE Tools

stellarwp

Web & CMS Pluginscommercial

60

Cumulative CVEs

9

Monthly snapshots

#72

Peak rank

Top products

kadence blocks — page builder toolkit for gutenberg editor3 ithemes sync1 membership plugin – restrict content1

Latest CVEs

The 15 most recently published vulnerabilities affecting stellarwp.

CVE-2026-11357Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization4.3Jun 18, 2026
CVE-2026-42643WordPress Image Widget plugin <= 4.4.11 - Cross Site Scripting (XSS) vulnerability5.9Apr 29, 2026
CVE-2026-42642WordPress GiveWP plugin <= 4.14.5 - Broken Access Control vulnerability5.3Apr 29, 2026
CVE-2026-2826Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload4.3Apr 4, 2026
CVE-2026-32546WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability7.5Mar 25, 2026
CVE-2026-3079LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter6.5Mar 24, 2026
CVE-2026-4136Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect4.3Mar 20, 2026
CVE-2026-3585The Events Calendar <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import7.5Mar 10, 2026
CVE-2026-1321Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'8.1Mar 5, 2026
CVE-2026-2694The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API5.4Feb 25, 2026
CVE-2026-27056WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability4.3Feb 19, 2026
CVE-2026-2633Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload4.3Feb 18, 2026
CVE-2026-1857Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter4.3Feb 18, 2026
CVE-2026-1304Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings4.4Feb 18, 2026
CVE-2026-2608Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization4.3Feb 17, 2026