Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,221 - 13,240 of 14,373 CVEs
CVE-2026-24354 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6.1.

Vendor: PenciDesign
Product: Penci Shortcodes & Performance
Published: Jan 22, 2026
Source: NVD
CVE-2026-22483 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through <= 9.0.12.

Vendor: winkm89
Product: teachPress
Published: Jan 22, 2026
Source: NVD
CVE-2026-22469 MEDIUM - 5.3

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2.

Vendor: mwtemplates
Product: DeepDigital
Published: Jan 22, 2026
Source: NVD
CVE-2026-22468 MEDIUM - 4.3

Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through <= 1.0.14.

Vendor: AbsolutePlugins
Product: Absolute Addons For Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2026-22466 MEDIUM - 4.3

Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP MapIt: from n/a through <= 3.0.3.

Vendor: Chandni Patel
Product: WP MapIt
Published: Jan 22, 2026
Source: NVD
CVE-2026-22463 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.

Vendor: Micro.company
Product: Form to Chat App
Published: Jan 22, 2026
Source: NVD
CVE-2026-22462 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer add-polylang-support-for-customizer allows Cross Site Request Forgery.This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5.

Vendor: richardevcom
Product: Add Polylang support for Customizer
Published: Jan 22, 2026
Source: NVD
CVE-2026-22458 MEDIUM - 4.3

Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5.

Vendor: Mikado-Themes
Product: Wanderland
Published: Jan 22, 2026
Source: NVD
CVE-2026-22450 MEDIUM - 4.3

Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3.

Vendor: Select-Themes
Product: Don Peppe
Published: Jan 22, 2026
Source: NVD
CVE-2026-22447 MEDIUM - 4.3

Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1.

Vendor: Select-Themes
Product: Prowess
Published: Jan 22, 2026
Source: NVD
CVE-2026-22445 MEDIUM - 5.3

Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through <= 2.6.4.

Vendor: Proptech Plugin
Product: Apimo Connector
Published: Jan 22, 2026
Source: NVD
CVE-2026-22430 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6.

Vendor: Mikado-Themes
Product: Verdure
Published: Jan 22, 2026
Source: NVD
CVE-2026-22426 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.

Vendor: Elated-Themes
Product: Sweet Jane
Published: Jan 22, 2026
Source: NVD
CVE-2026-22411 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6.

Vendor: Mikado-Themes
Product: Dolcino
Published: Jan 22, 2026
Source: NVD
CVE-2026-22409 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.

Vendor: Mikado-Themes
Product: Justicia
Published: Jan 22, 2026
Source: NVD
CVE-2026-22407 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.

Vendor: Mikado-Themes
Product: Roam
Published: Jan 22, 2026
Source: NVD
CVE-2026-22406 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.

Vendor: Mikado-Themes
Product: Overton
Published: Jan 22, 2026
Source: NVD
CVE-2026-22404 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.

Vendor: Mikado-Themes
Product: Innovio
Published: Jan 22, 2026
Source: NVD
CVE-2026-22400 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through <= 1.7.

Vendor: Mikado-Themes
Product: Holmes
Published: Jan 22, 2026
Source: NVD
CVE-2026-22398 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.

Vendor: Mikado-Themes
Product: Fleur
Published: Jan 22, 2026
Source: NVD