Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,722
Quick preset (or use dates below)
Clear Filters
Showing 11,361 - 11,380 of 14,604 CVEs
CVE-2026-25451 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.4.

Vendor: boldthemes
Product: Bold Page Builder
Published: Feb 19, 2026
Source: NVD
CVE-2026-25441 MEDIUM - 5.3

Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.

Vendor: LeadConnector
Product: LeadConnector
Published: Feb 19, 2026
Source: NVD
CVE-2026-25432 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7.

Vendor: omnipressteam
Product: Omnipress
Published: Feb 19, 2026
Source: NVD
CVE-2026-25428 MEDIUM - 4.4

Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.

Vendor: totalsoft
Product: TS Poll
Published: Feb 19, 2026
Source: NVD
CVE-2026-25420 MEDIUM - 4.3

Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.

Vendor: MailerLite
Product: MailerLite
Published: Feb 19, 2026
Source: NVD
CVE-2026-25419 MEDIUM - 4.3

Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.

Vendor: flycart
Product: UpsellWP
Published: Feb 19, 2026
Source: NVD
CVE-2026-25416 MEDIUM - 4.3

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.

Vendor: blazethemes
Product: News Kit Elementor Addons
Published: Feb 19, 2026
Source: NVD
CVE-2026-25415 MEDIUM - 5.3

Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18.

Vendor: iqonicdesign
Product: WPBookit Pro
Published: Feb 19, 2026
Source: NVD
CVE-2026-25412 MEDIUM - 5.3

Missing Authorization vulnerability in mdempfle Advanced iFrame advanced-iframe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced iFrame: from n/a through <= 2025.10.

Vendor: mdempfle
Product: Advanced iFrame
Published: Feb 19, 2026
Source: NVD
CVE-2026-25411 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery.This issue affects Revision Manager TMC: from n/a through <= 2.8.22.

Vendor: themastercut
Product: Revision Manager TMC
Published: Feb 19, 2026
Source: NVD
CVE-2026-25410 MEDIUM - 4.3

Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.

Vendor: tstephenson
Product: WP-CORS
Published: Feb 19, 2026
Source: NVD
CVE-2026-25409 MEDIUM - 4.3

Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through <= 1.1.1.

Vendor: crgeary
Product: JAMstack Deployments
Published: Feb 19, 2026
Source: NVD
CVE-2026-25408 MEDIUM - 5.3

Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.

Vendor: PluginRx
Product: Broken Link Notifier
Published: Feb 19, 2026
Source: NVD
CVE-2026-25407 MEDIUM - 4.3

Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.

Vendor: cookiebot
Product: Cookiebot
Published: Feb 19, 2026
Source: NVD
CVE-2026-25404 MEDIUM - 5.3

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0.

Vendor: Automattic
Product: WP Job Manager
Published: Feb 19, 2026
Source: NVD
CVE-2026-25402 MEDIUM - 4.3

Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <...

Vendor: echoplugins
Product: Knowledge Base for Documentation, FAQs with AI Assistance
Published: Feb 19, 2026
Source: NVD
CVE-2026-25399 MEDIUM - 4.3

Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.

Vendor: CryoutCreations
Product: Serious Slider
Published: Feb 19, 2026
Source: NVD
CVE-2026-25395 MEDIUM - 4.3

Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through <= 1.1.4.

Vendor: ikreatethemes
Product: Business Roy
Published: Feb 19, 2026
Source: NVD
CVE-2026-25394 MEDIUM - 4.3

Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through <= 1.0.6.

Vendor: sparklewpthemes
Product: Fitness FSE
Published: Feb 19, 2026
Source: NVD
CVE-2026-25393 MEDIUM - 4.3

Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0.6.

Vendor: sparklewpthemes
Product: Hello FSE
Published: Feb 19, 2026
Source: NVD