Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,601 - 9,620 of 14,061 CVEs
CVE-2026-32452 MEDIUM - 5.3

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Mar 13, 2026
Source: NVD
CVE-2026-32451 MEDIUM - 6.3

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a through < 3.15.0.

Vendor: ThemeFusion
Product: Fusion Builder
Published: Mar 13, 2026
Source: NVD
CVE-2026-32450 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through &l...

Vendor: RealMag777
Product: Active Products Tables for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32449 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.

Vendor: themifyme
Product: Themify Event Post
Published: Mar 13, 2026
Source: NVD
CVE-2026-32448 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.

Vendor: Eric Teubert
Product: Podlove Podcast Publisher
Published: Mar 13, 2026
Source: NVD
CVE-2026-32447 MEDIUM - 4.3

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.

Vendor: Vito Peleg
Product: Atarim
Published: Mar 13, 2026
Source: NVD
CVE-2026-32446 MEDIUM - 4.3

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.

Vendor: Syed Balkhi
Product: Contact Form by WPForms
Published: Mar 13, 2026
Source: NVD
CVE-2026-32443 MEDIUM - 6.5

Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.

Vendor: Josh Kohlbach
Product: Product Feed PRO for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32442 MEDIUM - 4.3

Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.

Vendor: E2Pdf
Product: e2pdf
Published: Mar 13, 2026
Source: NVD
CVE-2026-32440 MEDIUM - 5.3

Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.

Vendor: Ex-Themes
Product: WP Food
Published: Mar 13, 2026
Source: NVD
CVE-2026-32439 MEDIUM - 5.3

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14.

Vendor: WebGeniusLab
Product: BigHearts
Published: Mar 13, 2026
Source: NVD
CVE-2026-32438 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: from n/a through <= 1.4.6.

Vendor: vowelweb
Product: VW School Education
Published: Mar 13, 2026
Source: NVD
CVE-2026-32437 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1.3.3.

Vendor: vowelweb
Product: VW Portfolio
Published: Mar 13, 2026
Source: NVD
CVE-2026-32436 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a through <= 1.3.8.

Vendor: vowelweb
Product: VW Photography
Published: Mar 13, 2026
Source: NVD
CVE-2026-32435 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4.7.

Vendor: vowelweb
Product: VW Pet Shop
Published: Mar 13, 2026
Source: NVD
CVE-2026-32434 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4.

Vendor: vowelweb
Product: VW Fitness
Published: Mar 13, 2026
Source: NVD
CVE-2026-32432 MEDIUM - 5.3

Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.42.

Vendor: codepeople
Product: WP Time Slots Booking Form
Published: Mar 13, 2026
Source: NVD
CVE-2026-32431 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bulk Edit: from n/a through <= 1.2.10.

Vendor: Brainstorm Force
Product: Astra Bulk Edit
Published: Mar 13, 2026
Source: NVD
CVE-2026-32430 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.This issue affects PowerPack Addons for Elementor: from n/a through <= 2.9.9.

Vendor: IdeaBox Creations
Product: PowerPack Addons for Elementor
Published: Mar 13, 2026
Source: NVD
CVE-2026-32429 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1.

Vendor: Noor Alam
Product: Magical Addons For Elementor
Published: Mar 13, 2026
Source: NVD