Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,141 - 13,160 of 14,373 CVEs
CVE-2026-24579 MEDIUM - 4.3

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.

Vendor: WP Messiah
Product: Ai Image Alt Text Generator for WP
Published: Jan 23, 2026
Source: NVD
CVE-2026-24578 MEDIUM - 4.3

Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through <= 1.1.5.

Vendor: Jahid Hasan
Product: Admin login URL Change
Published: Jan 23, 2026
Source: NVD
CVE-2026-24577 MEDIUM - 5.3

Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.7.

Vendor: Genetech Products
Product: Pie Register
Published: Jan 23, 2026
Source: NVD
CVE-2026-24576 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.

Vendor: COP
Product: UX Flat
Published: Jan 23, 2026
Source: NVD
CVE-2026-24571 MEDIUM - 4.3

Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.

Vendor: boxnow
Product: BOX NOW Delivery
Published: Jan 23, 2026
Source: NVD
CVE-2026-24570 MEDIUM - 5.4

Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2.

Vendor: WisdmLabs
Product: Edwiser Bridge
Published: Jan 23, 2026
Source: NVD
CVE-2026-24569 MEDIUM - 4.3

Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.

Vendor: Sully
Product: Media Library File Size
Published: Jan 23, 2026
Source: NVD
CVE-2026-24568 MEDIUM - 5.3

Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.

Vendor: WP Travel
Product: WP Travel
Published: Jan 23, 2026
Source: NVD
CVE-2026-24567 MEDIUM - 4.3

Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through <= 1.4.0.

Vendor: briarinc
Product: Anything Order by Terms
Published: Jan 23, 2026
Source: NVD
CVE-2026-24566 MEDIUM - 6.5

Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.

Vendor: iNET
Product: iNET Webkit
Published: Jan 23, 2026
Source: NVD
CVE-2026-24565 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.0.

Vendor: bPlugins
Product: B Accordion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24564 MEDIUM - 4.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through <= 3.6.3.

Vendor: Israpil
Product: Textmetrics
Published: Jan 23, 2026
Source: NVD
CVE-2026-24563 MEDIUM - 4.3

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.

Vendor: Ashan Perera
Product: LifePress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24562 MEDIUM - 5.3

Missing Authorization vulnerability in Ryviu Ryviu &#8211; Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu &#8211; Product Reviews for WooCommerce: from n/a through <= 3.1.26.

Vendor: Ryviu
Product: Ryviu &#8211; Product Reviews for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24561 MEDIUM - 5.4

Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.

Vendor: Mahmudul Hasan Arif
Product: FluentBoards
Published: Jan 23, 2026
Source: NVD
CVE-2026-24560 MEDIUM - 5.4

Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through <= 3.3.0.

Vendor: Cloudinary
Product: Cloudinary
Published: Jan 23, 2026
Source: NVD
CVE-2026-24559 MEDIUM - 5.4

Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.3.

Vendor: CRM Perks
Product: Integration for Contact Form 7 HubSpot
Published: Jan 23, 2026
Source: NVD
CVE-2026-24558 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1.

Vendor: antoniobg
Product: ABG Rich Pins
Published: Jan 23, 2026
Source: NVD
CVE-2026-24557 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 GetResponse Extension: from n/a through <= 1.0.8.

Vendor: WEN Solutions
Product: Contact Form 7 GetResponse Extension
Published: Jan 23, 2026
Source: NVD
CVE-2026-24556 MEDIUM - 5.3

Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2.

Vendor: wpdive
Product: ElementCamp
Published: Jan 23, 2026
Source: NVD