Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
Showing 13,181 - 13,200 of 14,728 CVEs
CVE-2026-24388 MEDIUM - 4.3

Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0.

Vendor: Ludwig You
Product: WPMasterToolKit
Published: Jan 22, 2026
Source: NVD
CVE-2026-24387 MEDIUM - 4.3

Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.1.

Vendor: Arul Prasad J
Product: WP Quick Post Duplicator
Published: Jan 22, 2026
Source: NVD
CVE-2026-24386 MEDIUM - 4.3

Missing Authorization vulnerability in Element Invader Element Invader &#8211; Template Kits for Elementor elementinvader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Invader &#8211; Template Kits for Elementor: from n/a through <= 1.2...

Vendor: Element Invader
Product: Element Invader &#8211; Template Kits for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2026-24384 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.This issue affects Merge + Minify + Refresh: from n/a through <= 2.14.

Vendor: launchinteractive
Product: Merge + Minify + Refresh
Published: Jan 22, 2026
Source: NVD
CVE-2026-24383 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.

Vendor: bPlugins
Product: B Slider
Published: Jan 22, 2026
Source: NVD
CVE-2026-24381 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through < 5.7.2.

Vendor: ThemeGoods
Product: PhotoMe
Published: Jan 22, 2026
Source: NVD
CVE-2026-24374 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Cross Site Request Forgery.This issue affects RegistrationMagic: from n/a through <= 6.0.6.9.

Vendor: Metagauss
Product: RegistrationMagic
Published: Jan 22, 2026
Source: NVD
CVE-2026-24366 MEDIUM - 5.3

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through <= 2.46.0.

Vendor: YITHEMES
Product: YITH WooCommerce Request A Quote
Published: Jan 22, 2026
Source: NVD
CVE-2026-24365 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.

Vendor: storeapps
Product: Stock Manager for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2026-24361 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress &#8211; Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress &#8211; Course Review: from n/a through <= 4.1.9.

Vendor: ThimPress
Product: LearnPress &#8211; Course Review
Published: Jan 22, 2026
Source: NVD
CVE-2026-24360 MEDIUM - 4.6

Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.

Vendor: Craig Hewitt
Product: Seriously Simple Podcasting
Published: Jan 22, 2026
Source: NVD
CVE-2026-24355 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6.

Vendor: favethemes
Product: Houzez Theme - Functionality
Published: Jan 22, 2026
Source: NVD
CVE-2026-24354 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.

Vendor: PenciDesign
Product: Penci Shortcodes & Performance
Published: Jan 22, 2026
Source: NVD
CVE-2026-22483 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.

Vendor: winkm89
Product: teachPress
Published: Jan 22, 2026
Source: NVD
CVE-2026-22469 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2.

Vendor: mwtemplates
Product: DeepDigital
Published: Jan 22, 2026
Source: NVD
CVE-2026-22468 MEDIUM - 4.3

Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through <= 1.0.14.

Vendor: AbsolutePlugins
Product: Absolute Addons For Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2026-22466 MEDIUM - 4.3

Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through <= 3.0.3.

Vendor: Chandni Patel
Product: WP MapIt
Published: Jan 22, 2026
Source: NVD
CVE-2026-22463 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.

Vendor: Micro.company
Product: Form to Chat App
Published: Jan 22, 2026
Source: NVD
CVE-2026-22462 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5.

Vendor: richardevcom
Product: Add Polylang support for Customizer
Published: Jan 22, 2026
Source: NVD
CVE-2026-22458 MEDIUM - 4.3

Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5.

Vendor: Mikado-Themes
Product: Wanderland
Published: Jan 22, 2026
Source: NVD