Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,722
Quick preset (or use dates below)
Clear Filters
Showing 11,381 - 11,400 of 14,604 CVEs
CVE-2026-25392 MEDIUM - 4.7

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows Phishing.This issue affects Update URLs – Quick and Easy way to search ...

Vendor: KaizenCoders
Product: Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress
Published: Feb 19, 2026
Source: NVD
CVE-2026-25391 MEDIUM - 5.4

Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.3.07.

Vendor: WP Grids
Product: WP Wand
Published: Feb 19, 2026
Source: NVD
CVE-2026-25388 MEDIUM - 5.4

Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.

Vendor: scripteo
Product: Ads Pro
Published: Feb 19, 2026
Source: NVD
CVE-2026-25386 MEDIUM - 5.3

Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.

Vendor: Elementor
Product: Ally
Published: Feb 19, 2026
Source: NVD
CVE-2026-25385 MEDIUM - 5.5

Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3.

Vendor: KaizenCoders
Product: URL Shortify
Published: Feb 19, 2026
Source: NVD
CVE-2026-25384 MEDIUM - 5.3

Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.

Vendor: WP Lab
Product: WP-Lister Lite for eBay
Published: Feb 19, 2026
Source: NVD
CVE-2026-25375 MEDIUM - 4.3

Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through <= 3.6.10.

Vendor: WP Chill
Product: Image Photo Gallery Final Tiles Grid
Published: Feb 19, 2026
Source: NVD
CVE-2026-25374 MEDIUM - 5.3

Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through <= 1.3.2.

Vendor: raratheme
Product: Spa and Salon
Published: Feb 19, 2026
Source: NVD
CVE-2026-25372 MEDIUM - 6.5

Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.

Vendor: Kodezen LLC
Product: Academy LMS
Published: Feb 19, 2026
Source: NVD
CVE-2026-25370 MEDIUM - 5.3

Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28.

Vendor: AresIT
Product: WP Compress
Published: Feb 19, 2026
Source: NVD
CVE-2026-25368 MEDIUM - 6.5

Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1.

Vendor: codepeople
Product: Calculated Fields Form
Published: Feb 19, 2026
Source: NVD
CVE-2026-25367 MEDIUM - 5.3

Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7.2.

Vendor: NooTheme
Product: CitiLights
Published: Feb 19, 2026
Source: NVD
CVE-2026-25364 MEDIUM - 5.3

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8.

Vendor: BoldGrid
Product: Client Invoicing by Sprout Invoices
Published: Feb 19, 2026
Source: NVD
CVE-2026-25362 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.

Vendor: FooPlugins
Product: FooGallery
Published: Feb 19, 2026
Source: NVD
CVE-2026-25348 MEDIUM - 5.3

Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.10.15.

Vendor: alttextai
Product: Download Alt Text AI
Published: Feb 19, 2026
Source: NVD
CVE-2026-25343 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.

Vendor: VeronaLabs
Product: WP SMS
Published: Feb 19, 2026
Source: NVD
CVE-2026-25338 MEDIUM - 5.3

Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4.

Vendor: Ays Pro
Product: AI ChatBot with ChatGPT and Content Generator by AYS
Published: Feb 19, 2026
Source: NVD
CVE-2026-25337 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.

Vendor: wpcoachify
Product: Coachify
Published: Feb 19, 2026
Source: NVD
CVE-2026-25336 MEDIUM - 5.3

Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through <= 1.1.5.

Vendor: wpcoachify
Product: Coachify
Published: Feb 19, 2026
Source: NVD
CVE-2026-25335 MEDIUM - 4.3

Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 5.0.0...

Vendor: Ays Pro
Product: Secure Copy Content Protection and Content Locking
Published: Feb 19, 2026
Source: NVD