Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,216
Quick preset (or use dates below)
Clear Filters
Showing 8,421 - 8,440 of 14,200 CVEs
CVE-2026-25437 MEDIUM - 6.5

Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through <= 2.0.14.

Vendor: سید محمدامین هاشمی
Product: GZSEO
Published: Mar 25, 2026
Source: NVD
CVE-2026-25430 MEDIUM - 6.5

Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ni...

Vendor: CRM Perks
Product: Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms
Published: Mar 25, 2026
Source: NVD
CVE-2026-25417 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through <= 5.9.8.1.

Vendor: Metagauss
Product: ProfileGrid
Published: Mar 25, 2026
Source: NVD
CVE-2026-25398 MEDIUM - 6.5

Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vertex Addons for Elementor: from n/a through <= 1.6.4.

Vendor: Webilia Inc.
Product: Vertex Addons for Elementor
Published: Mar 25, 2026
Source: NVD
CVE-2026-25390 MEDIUM - 6.5

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.3.

Vendor: Saad Iqbal
Product: New User Approve
Published: Mar 25, 2026
Source: NVD
CVE-2026-25365 MEDIUM - 6.5

Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4.

Vendor: Özgür KARALAR
Product: Kargo Takip
Published: Mar 25, 2026
Source: NVD
CVE-2026-25355 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3.

Vendor: skygroup
Product: Sanzo
Published: Mar 25, 2026
Source: NVD
CVE-2026-25344 MEDIUM - 6.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.

Vendor: RadiusTheme
Product: Review Schema
Published: Mar 25, 2026
Source: NVD
CVE-2026-25339 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms: from n/a through <= 1.9.8.7.

Vendor: Syed Balkhi
Product: Contact Form by WPForms
Published: Mar 25, 2026
Source: NVD
CVE-2026-25328 MEDIUM - 6.8

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal.This issue affects Product File Upload for WooCommerce: from n/a through <= 2.2.4.

Vendor: add-ons.org
Product: Product File Upload for WooCommerce
Published: Mar 25, 2026
Source: NVD
CVE-2026-25327 MEDIUM - 6.5

Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.9.

Vendor: Rustaurius
Product: Five Star Restaurant Reservations
Published: Mar 25, 2026
Source: NVD
CVE-2026-25034 MEDIUM - 6.5

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16.

Vendor: Iqonic Design
Product: KiviCare
Published: Mar 25, 2026
Source: NVD
CVE-2026-25009 MEDIUM - 6.5

Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through <= 1.3.8.

Vendor: raratheme
Product: Education Zone
Published: Mar 25, 2026
Source: NVD
CVE-2026-24987 MEDIUM - 6.5

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7.

Vendor: activity-log.com
Product: WP System Log
Published: Mar 25, 2026
Source: NVD
CVE-2026-24972 MEDIUM - 6.5

Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through <= 1.4.

Vendor: Elated-Themes
Product: Elated Listing
Published: Mar 25, 2026
Source: NVD
CVE-2026-24964 MEDIUM - 6.4

Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.1.2.1.

Vendor: Wasiliy Strecker / ContestGallery developer
Product: Contest Gallery
Published: Mar 25, 2026
Source: NVD
CVE-2026-24376 MEDIUM - 6.5

Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from n/a through <= 4.2.1.

Vendor: Javier Casares
Product: WPVulnerability
Published: Mar 25, 2026
Source: NVD
CVE-2026-24370 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8.0.

Vendor: Theme-one
Product: The Grid
Published: Mar 25, 2026
Source: NVD
CVE-2026-24364 MEDIUM - 6.5

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.5.

Vendor: weDevs
Product: WP User Frontend
Published: Mar 25, 2026
Source: NVD
CVE-2026-24362 MEDIUM - 6.4

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.

Vendor: bdthemes
Product: Ultimate Post Kit
Published: Mar 25, 2026
Source: NVD