Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,816
Quick preset (or use dates below)
Clear Filters
Showing 13,081 - 13,100 of 14,713 CVEs
CVE-2026-24601 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5.

Vendor: PenciDesign
Product: Penci Pay Writer
Published: Jan 23, 2026
Source: NVD
CVE-2026-24600 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5.

Vendor: PenciDesign
Product: Penci Review
Published: Jan 23, 2026
Source: NVD
CVE-2026-24599 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.

Vendor: XLPlugins
Product: NextMove Lite
Published: Jan 23, 2026
Source: NVD
CVE-2026-24598 MEDIUM - 4.3

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2.

Vendor: bestwebsoft
Product: Multilanguage by BestWebSoft
Published: Jan 23, 2026
Source: NVD
CVE-2026-24596 MEDIUM - 4.7

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.1.

Vendor: marynixie
Product: Related Posts Thumbnails Plugin for WordPress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24595 MEDIUM - 5.4

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5.

Vendor: zohocrm
Product: Zoho CRM Lead Magnet
Published: Jan 23, 2026
Source: NVD
CVE-2026-24594 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through <= 3.9.4.

Vendor: livemesh
Product: Livemesh Addons for WPBakery Page Builder
Published: Jan 23, 2026
Source: NVD
CVE-2026-24593 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.

Vendor: Strategy11 Team
Product: AWP Classifieds
Published: Jan 23, 2026
Source: NVD
CVE-2026-24591 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6.

Vendor: yasir129
Product: Turn Yoast SEO FAQ Block to Accordion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24589 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.

Vendor: Cargus eCommerce
Product: Cargus
Published: Jan 23, 2026
Source: NVD
CVE-2026-24588 MEDIUM - 4.3

Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4.

Vendor: topdevs
Product: Smart Product Viewer
Published: Jan 23, 2026
Source: NVD
CVE-2026-24587 MEDIUM - 5.4

Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305.

Vendor: kutsy
Product: AJAX Hits Counter + Popular Posts Widget
Published: Jan 23, 2026
Source: NVD
CVE-2026-24585 MEDIUM - 6.5

Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0.

Vendor: Hyyan Abo Fakher
Product: Hyyan WooCommerce Polylang Integration
Published: Jan 23, 2026
Source: NVD
CVE-2026-24584 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0.

Vendor: Themeum
Product: Tutor LMS BunnyNet Integration
Published: Jan 23, 2026
Source: NVD
CVE-2026-24583 MEDIUM - 5.3

Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9.

Vendor: sumup
Product: SumUp Payment Gateway For WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24581 MEDIUM - 5.4

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5.

Vendor: WP Swings
Product: Points and Rewards for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24580 MEDIUM - 4.3

Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.

Vendor: Ecwid by Lightspeed Ecommerce Shopping Cart
Product: Ecwid Shopping Cart
Published: Jan 23, 2026
Source: NVD
CVE-2026-24579 MEDIUM - 4.3

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.

Vendor: WP Messiah
Product: Ai Image Alt Text Generator for WP
Published: Jan 23, 2026
Source: NVD
CVE-2026-24578 MEDIUM - 4.3

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through <= 1.1.5.

Vendor: Jahid Hasan
Product: Admin login URL Change
Published: Jan 23, 2026
Source: NVD
CVE-2026-24577 MEDIUM - 5.3

Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.7.

Vendor: Genetech Products
Product: Pie Register
Published: Jan 23, 2026
Source: NVD