Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,621 - 9,640 of 14,061 CVEs
CVE-2026-32428 MEDIUM - 5.3

Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7.

Vendor: Ays Pro
Product: Popup Like box
Published: Mar 13, 2026
Source: NVD
CVE-2026-32427 MEDIUM - 5.3

Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from n/a through <= 2.2.0.

Vendor: vowelweb
Product: VW Education Lite
Published: Mar 13, 2026
Source: NVD
CVE-2026-32425 MEDIUM - 5.3

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.

Vendor: linknacional
Product: Payment Gateway Pix For GiveWP
Published: Mar 13, 2026
Source: NVD
CVE-2026-32424 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2.

Vendor: BoldGrid
Product: Sprout Clients
Published: Mar 13, 2026
Source: NVD
CVE-2026-32423 MEDIUM - 5.4

Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.

Vendor: Bowo
Product: Admin and Site Enhancements (ASE)
Published: Mar 13, 2026
Source: NVD
CVE-2026-32421 MEDIUM - 5.3

Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.

Vendor: Agile Logix
Product: Post Timeline
Published: Mar 13, 2026
Source: NVD
CVE-2026-32420 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6.

Vendor: Ruben Garcia
Product: GamiPress
Published: Mar 13, 2026
Source: NVD
CVE-2026-32419 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through <= 0.93.1.

Vendor: Fernando Briano
Product: List category posts
Published: Mar 13, 2026
Source: NVD
CVE-2026-32417 MEDIUM - 5.4

Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9.

Vendor: wppochipp
Product: Pochipp
Published: Mar 13, 2026
Source: NVD
CVE-2026-32416 MEDIUM - 5.4

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.

Vendor: bPlugins
Product: PDF Poster
Published: Mar 13, 2026
Source: NVD
CVE-2026-32415 MEDIUM - 5.0

Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.

Vendor: Bogdan Bendziukov
Product: Squeeze
Published: Mar 13, 2026
Source: NVD
CVE-2026-32413 MEDIUM - 5.3

Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3.

Vendor: Maciej Bis
Product: Permalink Manager Lite
Published: Mar 13, 2026
Source: NVD
CVE-2026-32412 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.

Vendor: Gift Up!
Product: Gift Up Gift Cards for WordPress and WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32411 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through <= 4.4.

Vendor: Simpma
Product: Embed Calendly
Published: Mar 13, 2026
Source: NVD
CVE-2026-32410 MEDIUM - 5.3

Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.

Vendor: WBW Plugins
Product: WBW Currency Switcher for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32409 MEDIUM - 5.3

Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.

Vendor: WPMU DEV - Your All-in-One WordPress Platform
Product: Forminator
Published: Mar 13, 2026
Source: NVD
CVE-2026-32408 MEDIUM - 4.3

Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23.

Vendor: themefusecom
Product: Brizy
Published: Mar 13, 2026
Source: NVD
CVE-2026-32407 MEDIUM - 4.3

Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.

Vendor: WPClever
Product: WPC Smart Wishlist for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32406 MEDIUM - 4.3

Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.

Vendor: WPClever
Product: WPC Product Bundles for WooCommerce
Published: Mar 13, 2026
Source: NVD
CVE-2026-32405 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.

Vendor: xtemos
Product: WoodMart
Published: Mar 13, 2026
Source: NVD