Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,812
Quick preset (or use dates below)
Clear Filters
Showing 13,101 - 13,120 of 14,713 CVEs
CVE-2026-24576 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.

Vendor: COP
Product: UX Flat
Published: Jan 23, 2026
Source: NVD
CVE-2026-24571 MEDIUM - 4.3

Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.

Vendor: boxnow
Product: BOX NOW Delivery
Published: Jan 23, 2026
Source: NVD
CVE-2026-24570 MEDIUM - 5.4

Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2.

Vendor: WisdmLabs
Product: Edwiser Bridge
Published: Jan 23, 2026
Source: NVD
CVE-2026-24569 MEDIUM - 4.3

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.

Vendor: Sully
Product: Media Library File Size
Published: Jan 23, 2026
Source: NVD
CVE-2026-24568 MEDIUM - 5.3

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.

Vendor: WP Travel
Product: WP Travel
Published: Jan 23, 2026
Source: NVD
CVE-2026-24567 MEDIUM - 4.3

Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through <= 1.4.0.

Vendor: briarinc
Product: Anything Order by Terms
Published: Jan 23, 2026
Source: NVD
CVE-2026-24566 MEDIUM - 6.5

Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.

Vendor: iNET
Product: iNET Webkit
Published: Jan 23, 2026
Source: NVD
CVE-2026-24565 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.0.

Vendor: bPlugins
Product: B Accordion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24564 MEDIUM - 4.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <= 3.6.3.

Vendor: Israpil
Product: Textmetrics
Published: Jan 23, 2026
Source: NVD
CVE-2026-24563 MEDIUM - 4.3

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.

Vendor: Ashan Perera
Product: LifePress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24562 MEDIUM - 5.3

Missing Authorization vulnerability in Ryviu Ryviu &#8211; Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu &#8211; Product Reviews for WooCommerce: from n/a through <= 3.1.26.

Vendor: Ryviu
Product: Ryviu &#8211; Product Reviews for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24561 MEDIUM - 5.4

Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.

Vendor: Mahmudul Hasan Arif
Product: FluentBoards
Published: Jan 23, 2026
Source: NVD
CVE-2026-24560 MEDIUM - 5.4

Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through <= 3.3.0.

Vendor: Cloudinary
Product: Cloudinary
Published: Jan 23, 2026
Source: NVD
CVE-2026-24559 MEDIUM - 5.4

Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.

Vendor: CRM Perks
Product: Integration for Contact Form 7 HubSpot
Published: Jan 23, 2026
Source: NVD
CVE-2026-24558 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1.

Vendor: antoniobg
Product: ABG Rich Pins
Published: Jan 23, 2026
Source: NVD
CVE-2026-24557 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.

Vendor: WEN Solutions
Product: Contact Form 7 GetResponse Extension
Published: Jan 23, 2026
Source: NVD
CVE-2026-24556 MEDIUM - 5.3

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2.

Vendor: wpdive
Product: ElementCamp
Published: Jan 23, 2026
Source: NVD
CVE-2026-24555 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.1.

Vendor: artplacer
Product: ArtPlacer Widget
Published: Jan 23, 2026
Source: NVD
CVE-2026-24553 MEDIUM - 4.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n...

Vendor: Dotstore
Product: Fraud Prevention For Woocommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24551 MEDIUM - 5.4

Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.

Vendor: monetagwp
Product: Monetag Official Plugin
Published: Jan 23, 2026
Source: NVD