Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,659
Quick preset (or use dates below)
Clear Filters
Showing 9,581 - 9,600 of 14,430 CVEs
CVE-2026-32460 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons fo...

Vendor: Themefic
Product: Ultimate Addons for Contact Form 7
Published: Mar 13, 2026
Source: NVD
CVE-2026-32457 MEDIUM - 5.3

Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: ...

Vendor: Wombat Plugins
Product: Advanced Product Fields (Product Addons) for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32456 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1.

Vendor: Janis Elsts
Product: Admin Menu Editor
Published: Mar 13, 2026
Source: NVD
CVE-2026-32455 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5.

Vendor: RealMag777
Product: MDTF
Published: Mar 13, 2026
Source: NVD
CVE-2026-32454 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.

Vendor: ThemeFusion
Product: Avada Core
Published: Mar 13, 2026
Source: NVD
CVE-2026-32453 MEDIUM - 5.3

Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15.0.

Vendor: ThemeFusion
Product: Avada Core
Published: Mar 13, 2026
Source: NVD
CVE-2026-32452 MEDIUM - 5.3

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Mar 13, 2026
Source: NVD
CVE-2026-32451 MEDIUM - 6.3

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Mar 13, 2026
Source: NVD
CVE-2026-32450 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through &l...

Vendor: RealMag777
Product: Active Products Tables for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32449 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.

Vendor: themifyme
Product: Themify Event Post
Published: Mar 13, 2026
Source: NVD
CVE-2026-32448 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.

Vendor: Eric Teubert
Product: Podlove Podcast Publisher
Published: Mar 13, 2026
Source: NVD
CVE-2026-32447 MEDIUM - 4.3

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.

Vendor: Vito Peleg
Product: Atarim
Published: Mar 13, 2026
Source: NVD
CVE-2026-32446 MEDIUM - 4.3

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.

Vendor: Syed Balkhi
Product: Contact Form by WPForms
Published: Mar 13, 2026
Source: NVD
CVE-2026-32443 MEDIUM - 6.5

Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.

Vendor: Josh Kohlbach
Product: Product Feed PRO for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32442 MEDIUM - 4.3

Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.

Vendor: E2Pdf
Product: e2pdf
Published: Mar 13, 2026
Source: NVD
CVE-2026-32440 MEDIUM - 5.3

Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.

Vendor: Ex-Themes
Product: WP Food
Published: Mar 13, 2026
Source: NVD
CVE-2026-32439 MEDIUM - 5.3

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14.

Vendor: WebGeniusLab
Product: BigHearts
Published: Mar 13, 2026
Source: NVD
CVE-2026-32438 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: from n/a through <= 1.4.6.

Vendor: vowelweb
Product: VW School Education
Published: Mar 13, 2026
Source: NVD
CVE-2026-32437 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1.3.3.

Vendor: vowelweb
Product: VW Portfolio
Published: Mar 13, 2026
Source: NVD
CVE-2026-32436 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a through <= 1.3.8.

Vendor: vowelweb
Product: VW Photography
Published: Mar 13, 2026
Source: NVD