Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,323
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,181 - 24,200 of 42,117 CVEs
CVE-2026-39712 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through <= 5.4.3.

Vendor: tagDiv
Product: tagDiv Composer
Published: Apr 08, 2026
Source: NVD
CVE-2026-39711 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.

Vendor: stmcan
Product: RT-Theme 18 | Extensions
Published: Apr 08, 2026
Source: NVD
CVE-2026-39710 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.

Vendor: stmcan
Product: RT-Theme 18 | Extensions
Published: Apr 08, 2026
Source: NVD
CVE-2026-39709 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.4.

Vendor: thetechtribe
Product: The Tribal
Published: Apr 08, 2026
Source: NVD
CVE-2026-39708 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from n/a through <= 1.3.14.

Vendor: uicore
Product: UiCore Elements
Published: Apr 08, 2026
Source: NVD
CVE-2026-39707 MEDIUM - 5.3

Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through <= 4.0.4.

Vendor: ZealousWeb
Product: Accept PayPal Payments using Contact Form 7
Published: Apr 08, 2026
Source: NVD
CVE-2026-39706 MEDIUM - 5.3

Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0.

Vendor: Netro Systems
Product: Make My Trivia
Published: Apr 08, 2026
Source: NVD
CVE-2026-39705 MEDIUM - 5.3

Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Multisite Sync: from n/a through <= 1.4.4.

Vendor: Mulika Team
Product: MIPL WC Multisite Sync
Published: Apr 08, 2026
Source: NVD
CVE-2026-39704 MEDIUM - 5.3

Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing &#8211; Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing &#8...

Vendor: nfusionsolutions
Product: Precious Metals Automated Product Pricing &#8211; Pro
Published: Apr 08, 2026
Source: NVD
CVE-2026-39703 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.8.1.

Vendor: wpbits
Product: WPBITS Addons For Elementor Page Builder
Published: Apr 08, 2026
Source: NVD
CVE-2026-39702 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1.

Vendor: Wealcoder
Product: Animation Addons for Elementor
Published: Apr 08, 2026
Source: NVD
CVE-2026-39701 MEDIUM - 5.3

Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.

Vendor: Andrew
Product: ShopWP
Published: Apr 08, 2026
Source: NVD
CVE-2026-39700 MEDIUM - 5.3

Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32.

Vendor: WPXPO
Product: WowOptin
Published: Apr 08, 2026
Source: NVD
CVE-2026-39699 MEDIUM - 5.3

Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Workflow Automation: from n/a through <= 1.4.2.

Vendor: massiveshift
Product: AI Workflow Automation
Published: Apr 08, 2026
Source: NVD
CVE-2026-39698 MEDIUM - 5.3

Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0.

Vendor: PublisherDesk
Product: The Publisher Desk ads.txt
Published: Apr 08, 2026
Source: NVD
CVE-2026-39697 MEDIUM - 5.3

Missing Authorization vulnerability in HBSS Technologies MAIO &#8211; The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO &#8211; The new AI GEO / SEO tool: from n/a through <= 6.2.8.

Vendor: HBSS Technologies
Product: MAIO &#8211; The new AI GEO / SEO tool
Published: Apr 08, 2026
Source: NVD
CVE-2026-39696 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through <= 1.2.0.

Vendor: Elfsight
Product: Elfsight WhatsApp Chat CC
Published: Apr 08, 2026
Source: NVD
CVE-2026-39695 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.

Vendor: podigee
Product: Podigee
Published: Apr 08, 2026
Source: NVD
CVE-2026-39694 MEDIUM - 5.3

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Apr 08, 2026
Source: NVD
CVE-2026-39693 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.

Vendor: fesomia
Product: FSM Custom Featured Image Caption
Published: Apr 08, 2026
Source: NVD