Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,294
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,301 - 24,320 of 42,117 CVEs
CVE-2026-39563 MEDIUM - 5.3

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.

Vendor: ILLID
Product: Share This Image
Published: Apr 08, 2026
Source: NVD
CVE-2026-39562 MEDIUM - 5.3

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.

Vendor: BoldGrid
Product: Client Invoicing by Sprout Invoices
Published: Apr 08, 2026
Source: NVD
CVE-2026-39561 MEDIUM - 5.3

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7.

Vendor: WP Chill
Product: Revive.so
Published: Apr 08, 2026
Source: NVD
CVE-2026-39544 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3.

Vendor: themeStek
Product: LabtechCO
Published: Apr 08, 2026
Source: NVD
CVE-2026-39543 MEDIUM - 5.3

Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4.

Vendor: Themefic
Product: Tourfic
Published: Apr 08, 2026
Source: NVD
CVE-2026-39542 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13.

Vendor: Doofinder
Product: Doofinder for WooCommerce
Published: Apr 08, 2026
Source: NVD
CVE-2026-39541 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38.

Vendor: Themefic
Product: Hydra Booking
Published: Apr 08, 2026
Source: NVD
CVE-2026-39538 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6.

Vendor: Mikado-Themes
Product: Mikado Core
Published: Apr 08, 2026
Source: NVD
CVE-2026-39536 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.

Vendor: WP Chill
Product: RSVP and Event Management
Published: Apr 08, 2026
Source: NVD
CVE-2026-39535 MEDIUM - 5.3

Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through <= 6.5.6.

Vendor: fullworks
Product: Display Eventbrite Events
Published: Apr 08, 2026
Source: NVD
CVE-2026-39528 MEDIUM - 5.3

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.5.

Vendor: WP Delicious
Product: WP Delicious
Published: Apr 08, 2026
Source: NVD
CVE-2026-39526 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < 4.11.2.

Vendor: wpstream
Product: WpStream
Published: Apr 08, 2026
Source: NVD
CVE-2026-39521 MEDIUM - 4.9

Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.

Vendor: Nelio Software
Product: Nelio Content
Published: Apr 08, 2026
Source: NVD
CVE-2026-39520 MEDIUM - 5.3

Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18.

Vendor: weDevs
Product: weDocs
Published: Apr 08, 2026
Source: NVD
CVE-2026-39517 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a through <= 1.7.6.

Vendor: A WP Life
Product: Blog Filter
Published: Apr 08, 2026
Source: NVD
CVE-2026-39516 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.

Vendor: POSIMYTH
Product: Nexter Blocks
Published: Apr 08, 2026
Source: NVD

Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.11...

Vendor: WP Chill
Product: Image Photo Gallery Final Tiles Grid
Published: Apr 08, 2026
Source: NVD
CVE-2026-39509 MEDIUM - 5.3

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.

Vendor: wpWax
Product: Directorist
Published: Apr 08, 2026
Source: NVD
CVE-2026-39508 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a thro...

Vendor: Josh Kohlbach
Product: Advanced Coupons for WooCommerce Coupons
Published: Apr 08, 2026
Source: NVD
CVE-2026-39506 MEDIUM - 4.3

Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a through < 3.4.2.

Vendor: Jordy Meow
Product: AI Engine (Pro)
Published: Apr 08, 2026
Source: NVD