Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,881
Quick preset (or use dates below)
Clear Filters
Showing 12,541 - 12,560 of 14,675 CVEs
CVE-2026-25020 MEDIUM - 4.3

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0.

Vendor: WP connect
Product: WP Sync for Notion
Published: Feb 03, 2026
Source: NVD
CVE-2026-25019 MEDIUM - 5.3

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.1.

Vendor: Vito Peleg
Product: Atarim
Published: Feb 03, 2026
Source: NVD
CVE-2026-25016 MEDIUM - 4.3

Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through <= 1.3.5.

Vendor: Nelio Software
Product: Nelio Popups
Published: Feb 03, 2026
Source: NVD
CVE-2026-25015 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.53.

Vendor: Stiofan
Product: UsersWP
Published: Feb 03, 2026
Source: NVD
CVE-2026-25014 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.

Vendor: themelooks
Product: Enter Addons
Published: Feb 03, 2026
Source: NVD
CVE-2026-25012 MEDIUM - 5.3

Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through <= 1.11.0.

Vendor: gfazioli
Product: WP Bannerize Pro
Published: Feb 03, 2026
Source: NVD
CVE-2026-25011 MEDIUM - 4.3

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= 7.41.

Vendor: Northern Beaches Websites
Product: WP Custom Admin Interface
Published: Feb 03, 2026
Source: NVD
CVE-2026-25010 MEDIUM - 5.3

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09.

Vendor: ILLID
Product: Share This Image
Published: Feb 03, 2026
Source: NVD
CVE-2026-24998 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data.This issue affects Hustle: from n/a through <= 7.8.9.2.

Vendor: WPMU DEV - Your All-in-One WordPress Platform
Product: Hustle
Published: Feb 03, 2026
Source: NVD
CVE-2026-24997 MEDIUM - 5.3

Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wired Impact Volunteer Management: from n/a through <= 2.8.

Vendor: Wired Impact
Product: Wired Impact Volunteer Management
Published: Feb 03, 2026
Source: NVD
CVE-2026-24996 MEDIUM - 4.3

Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer: from n/a through <= 0.6.4.

Vendor: wpelemento
Product: WPElemento Importer
Published: Feb 03, 2026
Source: NVD
CVE-2026-24995 MEDIUM - 4.3

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.0.

Vendor: Iulia Cazan
Product: Latest Post Shortcode
Published: Feb 03, 2026
Source: NVD
CVE-2026-24994 MEDIUM - 5.3

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.2.

Vendor: sunshinephotocart
Product: Sunshine Photo Cart
Published: Feb 03, 2026
Source: NVD
CVE-2026-24992 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1...

Vendor: WPFactory
Product: Advanced WooCommerce Product Sales Reporting
Published: Feb 03, 2026
Source: NVD
CVE-2026-24991 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through <= 3.4.0.

Vendor: HT Plugins
Product: Extensions For CF7
Published: Feb 03, 2026
Source: NVD
CVE-2026-24990 MEDIUM - 5.4

Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8.

Vendor: Fahad Mahmood
Product: WP Docs
Published: Feb 03, 2026
Source: NVD
CVE-2026-24988 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode &amp; Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode &amp; Block: from n/a through ...

Vendor: Brian Hogg
Product: The Events Calendar Shortcode &amp; Block
Published: Feb 03, 2026
Source: NVD
CVE-2026-24986 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through <= 1.9.1.

Vendor: wp.insider
Product: Simple Membership WP user Import
Published: Feb 03, 2026
Source: NVD
CVE-2026-24985 MEDIUM - 4.3

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through <= 1.8.2.

Vendor: approveme
Product: WP Forms Signature Contract Add-On
Published: Feb 03, 2026
Source: NVD
CVE-2026-24982 MEDIUM - 5.3

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.17.

Vendor: Brainstorm Force
Product: Spectra
Published: Feb 03, 2026
Source: NVD