Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 13,161 - 13,180 of 14,373 CVEs
CVE-2026-24555 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.1.

Vendor: artplacer
Product: ArtPlacer Widget
Published: Jan 23, 2026
Source: NVD
CVE-2026-24553 MEDIUM - 4.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n...

Vendor: Dotstore
Product: Fraud Prevention For Woocommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24551 MEDIUM - 5.4

Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.

Vendor: monetagwp
Product: Monetag Official Plugin
Published: Jan 23, 2026
Source: NVD
CVE-2026-24550 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.15.

Vendor: Kaira
Product: Blockons
Published: Jan 23, 2026
Source: NVD
CVE-2026-24549 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory geodirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a through <= 2.8.147.

Vendor: Paolo
Product: GeoDirectory
Published: Jan 23, 2026
Source: NVD
CVE-2026-24548 MEDIUM - 5.3

Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.91.

Vendor: Prince
Product: Radio Player
Published: Jan 23, 2026
Source: NVD
CVE-2026-24544 MEDIUM - 4.3

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.

Vendor: Harmonic Design
Product: HD Quiz
Published: Jan 23, 2026
Source: NVD
CVE-2026-24543 MEDIUM - 4.3

Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.

Vendor: Horea Radu
Product: Materialis Companion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24542 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0.

Vendor: John James Jacoby
Product: WP Term Order
Published: Jan 23, 2026
Source: NVD
CVE-2026-24541 MEDIUM - 5.3

Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.

Vendor: mkscripts
Product: Download After Email
Published: Jan 23, 2026
Source: NVD
CVE-2026-24540 MEDIUM - 5.4

Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.5.

Vendor: Prince
Product: Integrate Google Drive
Published: Jan 23, 2026
Source: NVD
CVE-2026-24539 MEDIUM - 5.3

Missing Authorization vulnerability in ABCdatos Protección de datos &#8211; RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos &#8211; RGPD: from n/a through <= 0.68.

Vendor: ABCdatos
Product: Protección de datos &#8211; RGPD
Published: Jan 23, 2026
Source: NVD
CVE-2026-24535 MEDIUM - 4.3

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through <= 1.2.7.

Vendor: webdevstudios
Product: Automatic Featured Images from Videos
Published: Jan 23, 2026
Source: NVD
CVE-2026-24528 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through <= 2.1.9.

Vendor: pixelgrade
Product: Nova Blocks
Published: Jan 23, 2026
Source: NVD
CVE-2026-24526 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry &amp; Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry &amp; Cart Options for Wo...

Vendor: Steve Truman
Product: Email Inquiry &amp; Cart Options for WooCommerce
Published: Jan 23, 2026
Source: NVD
CVE-2026-24522 MEDIUM - 4.3

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Subscribe: from n/a through <= 1.2.16.

Vendor: MyThemeShop
Product: WP Subscribe
Published: Jan 23, 2026
Source: NVD
CVE-2026-24521 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1.

Vendor: Timur Kamaev
Product: Kama Thumbnail
Published: Jan 23, 2026
Source: NVD
CVE-2025-13921 MEDIUM - 4.3

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and i...

Vendor: wedevs
Product: weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot
Published: Jan 23, 2026
Source: NVD
CVE-2026-0914 MEDIUM - 6.4

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it ...

Published: Jan 23, 2026
Source: NVD
CVE-2025-2204 MEDIUM - 4.7

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about t...

Published: Jan 23, 2026
Source: NVD