Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,707
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,401 - 11,420 of 14,221 CVEs
CVE-2026-25333 MEDIUM - 5.3

Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11.

Vendor: peregrinethemes
Product: Shopwell
Published: Feb 19, 2026
Source: NVD
CVE-2026-25332 MEDIUM - 5.3

Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through <= 2.2.9.

Vendor: Fahad Mahmood
Product: Endless Posts Navigation
Published: Feb 19, 2026
Source: NVD
CVE-2026-25330 MEDIUM - 4.3

Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.

Vendor: PublishPress
Product: PublishPress Authors
Published: Feb 19, 2026
Source: NVD
CVE-2026-25325 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8.

Vendor: rtCamp
Product: rtMedia for WordPress, BuddyPress and bbPress
Published: Feb 19, 2026
Source: NVD
CVE-2026-25324 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.

Vendor: ExpressTech Systems
Product: Quiz And Survey Master
Published: Feb 19, 2026
Source: NVD
CVE-2026-25322 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.

Vendor: PublishPress
Product: PublishPress Revisions
Published: Feb 19, 2026
Source: NVD
CVE-2026-25321 MEDIUM - 5.3

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.

Vendor: PSM Plugins
Product: SupportCandy
Published: Feb 19, 2026
Source: NVD
CVE-2026-25320 MEDIUM - 5.3

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.

Vendor: Cool Plugins
Product: Elementor Contact Form DB
Published: Feb 19, 2026
Source: NVD
CVE-2026-25319 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a through <= 1.6.6.

Vendor: wpzita
Product: Zita Elementor Site Library
Published: Feb 19, 2026
Source: NVD
CVE-2026-25318 MEDIUM - 4.3

Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.

Vendor: Wisernotify team
Product: WiserReview Product Reviews for WooCommerce
Published: Feb 19, 2026
Source: NVD
CVE-2026-25315 MEDIUM - 5.3

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.

Vendor: hcaptcha
Product: hCaptcha for WP
Published: Feb 19, 2026
Source: NVD
CVE-2026-25314 MEDIUM - 4.3

Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.

Vendor: WP Messiah
Product: TOP Table Of Contents
Published: Feb 19, 2026
Source: NVD
CVE-2026-25313 MEDIUM - 4.3

Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.

Vendor: Shahjahan Jewel
Product: FluentForm
Published: Feb 19, 2026
Source: NVD
CVE-2026-25311 MEDIUM - 5.4

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through <= 2.3.1.

Vendor: 10up
Product: Autoshare for Twitter
Published: Feb 19, 2026
Source: NVD
CVE-2026-25310 MEDIUM - 4.9

Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0.

Vendor: Alobaidi
Product: Extend Link
Published: Feb 19, 2026
Source: NVD
CVE-2026-25308 MEDIUM - 4.3

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through <= 4.6.9.

Vendor: wp.insider
Product: Simple Membership
Published: Feb 19, 2026
Source: NVD
CVE-2026-25307 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.

Vendor: 8theme
Product: XStore Core
Published: Feb 19, 2026
Source: NVD
CVE-2026-25008 MEDIUM - 4.3

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.

Vendor: Shahjahan Jewel
Product: Ninja Tables
Published: Feb 19, 2026
Source: NVD
CVE-2026-25005 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.5.

Vendor: N-Media
Product: Frontend File Manager
Published: Feb 19, 2026
Source: NVD
CVE-2026-25003 MEDIUM - 4.3

Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through <= 1.2.1.

Vendor: madalin.ungureanu
Product: Client Portal
Published: Feb 19, 2026
Source: NVD