CVE Schwachstellen

CVE-Datenbank angereichert mit CISA KEV und NVD Daten

Gesamt: 15,536 CVEs

CVE ID	CVSS	Schweregrad	KEV	Veroffentlicht
CVE-2026-25473 Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.	5.4	MEDIUM	—	2/19/2026
CVE-2026-25472 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: fro...	6.5	MEDIUM	—	2/19/2026
CVE-2026-25463 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: ...	6.5	MEDIUM	—	2/19/2026
CVE-2026-25459 Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.	4.3	MEDIUM	—	2/19/2026
CVE-2026-25453 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: ...	6.5	MEDIUM	—	2/19/2026
CVE-2026-25451 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Buil...	6.5	MEDIUM	—	2/19/2026
CVE-2026-25441 Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a thro...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25432 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through...	6.5	MEDIUM	—	2/19/2026
CVE-2026-25428 Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.	4.4	MEDIUM	—	2/19/2026
CVE-2026-25423 Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D...	3.8	LOW	—	2/19/2026
CVE-2026-25422 Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through <= 1.2.10.	5.4	MEDIUM	—	2/19/2026
CVE-2026-25420 Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: fr...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25419 Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a th...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25418 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through...	7.6	HIGH	—	2/19/2026
CVE-2026-25416 Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News K...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25415 Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through ...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25412 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	N/A	NONE	—	2/19/2026
CVE-2026-25411 Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery.This issue affects Revision Manager TMC: from n/a through <=...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25410 Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.	4.3	MEDIUM	—	2/19/2026
CVE-2026-25409 Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployme...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25408 Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifie...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25407 Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.	4.3	MEDIUM	—	2/19/2026
CVE-2026-25404 Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a thro...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25402 Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25399 Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: f...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25395 Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a through...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25394 Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through ...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25393 Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25392 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls al...	4.7	MEDIUM	—	2/19/2026
CVE-2026-25391 Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1....	5.4	MEDIUM	—	2/19/2026
CVE-2026-25389 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25388 Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.	5.4	MEDIUM	—	2/19/2026
CVE-2026-25387 Missing Authorization vulnerability in Elementor Image Optimizer by Elementor image-optimization allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Optimi...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25386 Missing Authorization vulnerability in Elementor Ally pojo-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ally: from n/a through <= 4.0.2.	5.3	MEDIUM	—	2/19/2026
CVE-2026-25385 Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3.	5.5	MEDIUM	—	2/19/2026
CVE-2026-25384 Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for e...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25378 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nel...	7.6	HIGH	—	2/19/2026
CVE-2026-25375 Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25374 Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through ...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25372 Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3...	6.5	MEDIUM	—	2/19/2026
CVE-2026-25370 Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a t...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25368 Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fi...	6.5	MEDIUM	—	2/19/2026
CVE-2026-25367 Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7....	5.3	MEDIUM	—	2/19/2026
CVE-2026-25364 Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client In...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25363 Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.1...	4.3	MEDIUM	—	2/19/2026
CVE-2026-25362 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through...	5.9	MEDIUM	—	2/19/2026
CVE-2026-25348 Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25343 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.	5.9	MEDIUM	—	2/19/2026
CVE-2026-25338 Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This i...	5.3	MEDIUM	—	2/19/2026
CVE-2026-25337 Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.	5.4	MEDIUM	—	2/19/2026

Seite 127 von 311

Zuruck Weiter

This product uses data from the NVD API but is not endorsed or certified by the NVD.