Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,836
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,081 - 13,100 of 14,345 CVEs
CVE-2026-24621 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through <= 3.4.9.

Vendor: Vladimir Statsenko
Product: Terms descriptions
Published: Jan 23, 2026
Source: NVD
CVE-2026-24620 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3.

Vendor: PluginOps
Product: Landing Page Builder
Published: Jan 23, 2026
Source: NVD
CVE-2026-24619 MEDIUM - 5.3

Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8.

Vendor: PopCash
Product: PopCash.Net Code Integration Tool
Published: Jan 23, 2026
Source: NVD
CVE-2026-24617 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through <= 2.1.0.

Vendor: Daniel Iser
Product: Easy Modal
Published: Jan 23, 2026
Source: NVD
CVE-2026-24616 MEDIUM - 6.5

Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.

Vendor: Damian
Product: WP Popups
Published: Jan 23, 2026
Source: NVD
CVE-2026-24615 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10.

Vendor: themebeez
Product: Cream Magazine
Published: Jan 23, 2026
Source: NVD
CVE-2026-24614 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through <= 1.2.8.

Vendor: Devsbrain
Product: Flex QR Code Generator
Published: Jan 23, 2026
Source: NVD
CVE-2026-24613 MEDIUM - 5.3

Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.

Vendor: Ecwid by Lightspeed Ecommerce Shopping Cart
Product: Ecwid Shopping Cart
Published: Jan 23, 2026
Source: NVD
CVE-2026-24612 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.

Vendor: themebeez
Product: Orchid Store
Published: Jan 23, 2026
Source: NVD
CVE-2026-24607 MEDIUM - 5.3

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through <= 1.3.3.

Vendor: wptravelengine
Product: Travel Monster
Published: Jan 23, 2026
Source: NVD
CVE-2026-24606 MEDIUM - 5.3

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.11.

Vendor: Web Impian
Product: Bayarcash WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24605 MEDIUM - 4.3

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.

Vendor: pencilwp
Product: X Addons for Elementor
Published: Jan 23, 2026
Source: NVD
CVE-2026-24604 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.

Vendor: themebeez
Product: Simple GDPR Cookie Compliance
Published: Jan 23, 2026
Source: NVD
CVE-2026-24603 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.

Vendor: themebeez
Product: Universal Google Adsense and Ads manager
Published: Jan 23, 2026
Source: NVD
CVE-2026-24602 MEDIUM - 5.3

Missing Authorization vulnerability in Raptive Raptive Ads adthrive-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Raptive Ads: from n/a through <= 3.10.0.

Vendor: Raptive
Product: Raptive Ads
Published: Jan 23, 2026
Source: NVD
CVE-2026-24601 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5.

Vendor: PenciDesign
Product: Penci Pay Writer
Published: Jan 23, 2026
Source: NVD
CVE-2026-24600 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5.

Vendor: PenciDesign
Product: Penci Review
Published: Jan 23, 2026
Source: NVD
CVE-2026-24599 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.

Vendor: XLPlugins
Product: NextMove Lite
Published: Jan 23, 2026
Source: NVD
CVE-2026-24598 MEDIUM - 4.3

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2.

Vendor: bestwebsoft
Product: Multilanguage by BestWebSoft
Published: Jan 23, 2026
Source: NVD
CVE-2026-24596 MEDIUM - 4.7

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.1.

Vendor: marynixie
Product: Related Posts Thumbnails Plugin for WordPress
Published: Jan 23, 2026
Source: NVD