Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,121 - 13,140 of 14,373 CVEs
CVE-2026-24604 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0.

Vendor: themebeez
Product: Simple GDPR Cookie Compliance
Published: Jan 23, 2026
Source: NVD
CVE-2026-24603 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.

Vendor: themebeez
Product: Universal Google Adsense and Ads manager
Published: Jan 23, 2026
Source: NVD
CVE-2026-24602 MEDIUM - 5.3

Missing Authorization vulnerability in Raptive Raptive Ads adthrive-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Raptive Ads: from n/a through <= 3.10.0.

Vendor: Raptive
Product: Raptive Ads
Published: Jan 23, 2026
Source: NVD
CVE-2026-24601 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5.

Vendor: PenciDesign
Product: Penci Pay Writer
Published: Jan 23, 2026
Source: NVD
CVE-2026-24600 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5.

Vendor: PenciDesign
Product: Penci Review
Published: Jan 23, 2026
Source: NVD
CVE-2026-24599 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.

Vendor: XLPlugins
Product: NextMove Lite
Published: Jan 23, 2026
Source: NVD
CVE-2026-24598 MEDIUM - 4.3

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2.

Vendor: bestwebsoft
Product: Multilanguage by BestWebSoft
Published: Jan 23, 2026
Source: NVD
CVE-2026-24596 MEDIUM - 4.7

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through <= 4.3.1.

Vendor: marynixie
Product: Related Posts Thumbnails Plugin for WordPress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24595 MEDIUM - 5.4

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5.

Vendor: zohocrm
Product: Zoho CRM Lead Magnet
Published: Jan 23, 2026
Source: NVD
CVE-2026-24594 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through <= 3.9.4.

Vendor: livemesh
Product: Livemesh Addons for WPBakery Page Builder
Published: Jan 23, 2026
Source: NVD
CVE-2026-24593 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.

Vendor: Strategy11 Team
Product: AWP Classifieds
Published: Jan 23, 2026
Source: NVD
CVE-2026-24591 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6.

Vendor: yasir129
Product: Turn Yoast SEO FAQ Block to Accordion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24589 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.

Vendor: Cargus eCommerce
Product: Cargus
Published: Jan 23, 2026
Source: NVD
CVE-2026-24588 MEDIUM - 4.3

Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4.

Vendor: topdevs
Product: Smart Product Viewer
Published: Jan 23, 2026
Source: NVD
CVE-2026-24587 MEDIUM - 5.4

Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305.

Vendor: kutsy
Product: AJAX Hits Counter + Popular Posts Widget
Published: Jan 23, 2026
Source: NVD
CVE-2026-24585 MEDIUM - 6.5

Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0.

Vendor: Hyyan Abo Fakher
Product: Hyyan WooCommerce Polylang Integration
Published: Jan 23, 2026
Source: NVD
CVE-2026-24584 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0.

Vendor: Themeum
Product: Tutor LMS BunnyNet Integration
Published: Jan 23, 2026
Source: NVD
CVE-2026-24583 MEDIUM - 5.3

Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9.

Vendor: sumup
Product: SumUp Payment Gateway For WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24581 MEDIUM - 5.4

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5.

Vendor: WP Swings
Product: Points and Rewards for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24580 MEDIUM - 4.3

Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.

Vendor: Ecwid by Lightspeed Ecommerce Shopping Cart
Product: Ecwid Shopping Cart
Published: Jan 23, 2026
Source: NVD