Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,816
Quick preset (or use dates below)
Clear Filters
Showing 13,061 - 13,080 of 14,713 CVEs
CVE-2026-24627 MEDIUM - 4.3

Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through <= 2.0.0.

Vendor: Trusona
Product: Trusona for WordPress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24626 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Logo Slider logo-slider-wp allows Stored XSS.This issue affects Logo Slider: from n/a through <= 4.9.0.

Vendor: LogicHunt
Product: Logo Slider
Published: Jan 23, 2026
Source: NVD
CVE-2026-24625 MEDIUM - 5.3

Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through <= 1.7.3.

Vendor: Imaginate Solutions
Product: File Uploads Addon for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24623 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.

Vendor: saeros1984
Product: Neoforum
Published: Jan 23, 2026
Source: NVD
CVE-2026-24622 MEDIUM - 5.4

Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through <= 5.0.

Vendor: Sergiy Dzysyak
Product: Suggestion Toolkit
Published: Jan 23, 2026
Source: NVD
CVE-2026-24621 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through <= 3.4.9.

Vendor: Vladimir Statsenko
Product: Terms descriptions
Published: Jan 23, 2026
Source: NVD
CVE-2026-24620 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3.

Vendor: PluginOps
Product: Landing Page Builder
Published: Jan 23, 2026
Source: NVD
CVE-2026-24619 MEDIUM - 5.3

Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8.

Vendor: PopCash
Product: PopCash.Net Code Integration Tool
Published: Jan 23, 2026
Source: NVD
CVE-2026-24617 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through <= 2.1.0.

Vendor: Daniel Iser
Product: Easy Modal
Published: Jan 23, 2026
Source: NVD
CVE-2026-24616 MEDIUM - 6.5

Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.

Vendor: Damian
Product: WP Popups
Published: Jan 23, 2026
Source: NVD
CVE-2026-24615 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10.

Vendor: themebeez
Product: Cream Magazine
Published: Jan 23, 2026
Source: NVD
CVE-2026-24614 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.8.

Vendor: Devsbrain
Product: Flex QR Code Generator
Published: Jan 23, 2026
Source: NVD
CVE-2026-24613 MEDIUM - 5.3

Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.

Vendor: Ecwid by Lightspeed Ecommerce Shopping Cart
Product: Ecwid Shopping Cart
Published: Jan 23, 2026
Source: NVD
CVE-2026-24612 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.

Vendor: themebeez
Product: Orchid Store
Published: Jan 23, 2026
Source: NVD
CVE-2026-24607 MEDIUM - 5.3

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.

Vendor: wptravelengine
Product: Travel Monster
Published: Jan 23, 2026
Source: NVD
CVE-2026-24606 MEDIUM - 5.3

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.11.

Vendor: Web Impian
Product: Bayarcash WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24605 MEDIUM - 4.3

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.

Vendor: pencilwp
Product: X Addons for Elementor
Published: Jan 23, 2026
Source: NVD
CVE-2026-24604 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.

Vendor: themebeez
Product: Simple GDPR Cookie Compliance
Published: Jan 23, 2026
Source: NVD
CVE-2026-24603 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.

Vendor: themebeez
Product: Universal Google Adsense and Ads manager
Published: Jan 23, 2026
Source: NVD
CVE-2026-24602 MEDIUM - 5.3

Missing Authorization vulnerability in Raptive Raptive Ads adthrive-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Raptive Ads: from n/a through <= 3.10.0.

Vendor: Raptive
Product: Raptive Ads
Published: Jan 23, 2026
Source: NVD