Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,241 - 13,260 of 14,373 CVEs
CVE-2026-22396 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0.

Vendor: Mikado-Themes
Product: Fiorello
Published: Jan 22, 2026
Source: NVD
CVE-2026-22393 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3.

Vendor: Mikado-Themes
Product: Curly
Published: Jan 22, 2026
Source: NVD
CVE-2026-22391 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1.

Vendor: Mikado-Themes
Product: Cocco
Published: Jan 22, 2026
Source: NVD
CVE-2026-22388 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2.

Vendor: Imran Emu
Product: Owl Carousel WP
Published: Jan 22, 2026
Source: NVD
CVE-2026-22382 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.

Vendor: Mikado-Themes
Product: PawFriends - Pet Shop and Veterinary WordPress Theme
Published: Jan 22, 2026
Source: NVD
CVE-2026-22360 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through <= 1.4.

Vendor: AA-Team
Product: SearchAzon
Published: Jan 22, 2026
Source: NVD
CVE-2026-22359 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery.This issue affects Wordpress Movies Bulk Importer: from n/a through <= 1.0.

Vendor: AA-Team
Product: Wordpress Movies Bulk Importer
Published: Jan 22, 2026
Source: NVD
CVE-2026-22358 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.

Vendor: SmartDataSoft
Product: Electrician - Electrical Service WordPress
Published: Jan 22, 2026
Source: NVD
CVE-2026-22353 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS.This issue affects teachPress: from n/a through <= 9.0.12.

Vendor: winkm89
Product: teachPress
Published: Jan 22, 2026
Source: NVD
CVE-2026-22349 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through <= 1.4.1.

Vendor: linux4me2
Product: Menu In Post
Published: Jan 22, 2026
Source: NVD
CVE-2026-22348 MEDIUM - 5.3

Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.

Vendor: Tasos Fel
Product: Civic Cookie Control
Published: Jan 22, 2026
Source: NVD
CVE-2026-22347 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a t...

Vendor: subhansanjaya
Product: Carousel Horizontal Posts Content Slider
Published: Jan 22, 2026
Source: NVD
CVE-2025-70899 MEDIUM - 6.5

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-69317 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6.

Vendor: scriptsbundle
Product: CarSpot
Published: Jan 22, 2026
Source: NVD
CVE-2025-69316 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.

Vendor: RealMag777
Product: TableOn
Published: Jan 22, 2026
Source: NVD
CVE-2025-69315 MEDIUM - 6.5

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.

Vendor: NSquared
Product: Simply Schedule Appointments
Published: Jan 22, 2026
Source: NVD
CVE-2025-69300 MEDIUM - 5.4

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.

Vendor: Leap13
Product: Premium Addons for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-69098 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWave Hide My WP hide_my_wp allows Reflected XSS.This issue affects Hide My WP: from n/a through <= 6.2.12.

Vendor: wpWave
Product: Hide My WP
Published: Jan 22, 2026
Source: NVD
CVE-2025-69095 MEDIUM - 6.5

Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.

Vendor: designthemes
Product: Reservation Plugin
Published: Jan 22, 2026
Source: NVD
CVE-2025-69055 MEDIUM - 6.5

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder bm-builder allows Path Traversal.This issue affects BM Content Builder: from n/a through <= 3.16.3.

Vendor: SeaTheme
Product: BM Content Builder
Published: Jan 22, 2026
Source: NVD