Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,309
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,221 - 24,240 of 42,117 CVEs
CVE-2026-39672 MEDIUM - 5.3

Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1.

Vendor: shiptime
Product: ShipTime: Discounted Shipping Rates
Published: Apr 08, 2026
Source: NVD
CVE-2026-39671 HIGH - 7.1

Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3.

Vendor: Dotstore
Product: Extra Fees Plugin for WooCommerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39670 MEDIUM - 6.0

Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.

Vendor: Brecht
Product: Visual Link Preview
Published: Apr 08, 2026
Source: NVD
CVE-2026-39669 MEDIUM - 5.3

Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through <= 1.19.3.

Vendor: NitroPack
Product: NitroPack
Published: Apr 08, 2026
Source: NVD
CVE-2026-39668 MEDIUM - 5.3

Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.

Vendor: g5theme
Product: Book Previewer for Woocommerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39667 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0.

Vendor: Jongmyoung Kim
Product: Korea SNS
Published: Apr 08, 2026
Source: NVD
CVE-2026-39666 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1.

Vendor: telepathy
Product: Hello Bar Popup Builder
Published: Apr 08, 2026
Source: NVD
CVE-2026-39665 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.

Vendor: Vladimir Prelovac
Product: SEO Friendly Images
Published: Apr 08, 2026
Source: NVD
CVE-2026-39664 MEDIUM - 5.3

Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.

Vendor: leadrebel
Product: Leadrebel
Published: Apr 08, 2026
Source: NVD
CVE-2026-39663 MEDIUM - 5.3

Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.

Vendor: themetechmount
Product: TrueBooker
Published: Apr 08, 2026
Source: NVD
CVE-2026-39662 MEDIUM - 5.3

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6.

Vendor: ProWCPlugins
Product: Product Price by Formula for WooCommerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39660 MEDIUM - 5.3

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.1.

Vendor: Automattic
Product: WP Job Manager
Published: Apr 08, 2026
Source: NVD
CVE-2026-39659 MEDIUM - 5.3

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through <= 2.11.3.

Vendor: Ultimate Member
Product: Ultimate Member
Published: Apr 08, 2026
Source: NVD
CVE-2026-39658 MEDIUM - 5.3

Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda Pods Repeater Field: from n/a through <= 1.5.12.

Vendor: Coding Panda
Product: Panda Pods Repeater Field
Published: Apr 08, 2026
Source: NVD
CVE-2026-39657 MEDIUM - 5.3

Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n/a through <= 1.0.2.

Vendor: leadlovers
Product: leadlovers forms
Published: Apr 08, 2026
Source: NVD
CVE-2026-39656 MEDIUM - 5.3

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through <= 4.8.2.

Vendor: Razorpay
Product: Razorpay for WooCommerce
Published: Apr 08, 2026
Source: NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.8.

Vendor: Ashish Ajani
Product: WP Simple HTML Sitemap
Published: Apr 08, 2026
Source: NVD
CVE-2026-39653 MEDIUM - 4.3

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.

Vendor: Deepen Bajracharya
Product: Video Conferencing with Zoom
Published: Apr 08, 2026
Source: NVD
CVE-2026-39652 MEDIUM - 5.3

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through <= 1.3.

Vendor: igms
Product: iGMS Direct Booking
Published: Apr 08, 2026
Source: NVD
CVE-2026-39651 MEDIUM - 6.3

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

Vendor: TotalSuite
Product: Total Poll Lite
Published: Apr 08, 2026
Source: NVD