CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 328,882 CVEs

CVE ID	CVSS	Severity	KEV	Published
CVE-2026-24542 Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0.	4.3	MEDIUM	—	1/23/2026
CVE-2026-24543 Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Compan...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24544 Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.	4.3	MEDIUM	—	1/23/2026
CVE-2026-24532 Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This i...	8.8	HIGH	—	1/23/2026
CVE-2026-24551 Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Pl...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24556 Missing Authorization vulnerability in wpdive ElementCamp element-camp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementCamp: from n/a through <= 2.3.2...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24557 Insertion of Sensitive Information Into Sent Data vulnerability in WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension allows Retrieve Embedded Sensitive Data.This ...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24558 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24559 Insertion of Sensitive Information Into Sent Data vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Retrieve Embedded Sensitive Data.This issue affects Integration f...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24561 Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a ...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24562 Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu &#8211...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24567 Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Orde...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24569 Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library Fi...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24570 Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a throu...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24571 Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a th...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24576 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.	5.4	MEDIUM	—	1/23/2026
CVE-2026-24578 Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login ...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24579 Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This iss...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24580 Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This ...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24581 Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issu...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24583 Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This is...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24584 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This is...	5.9	MEDIUM	—	1/23/2026
CVE-2026-24585 Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a...	6.5	MEDIUM	—	1/23/2026
CVE-2026-24587 Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX ...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24588 Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24589 Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.	5.3	MEDIUM	—	1/23/2026
CVE-2026-24591 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.Thi...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24593 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24594 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.Th...	4.8	MEDIUM	—	1/23/2026
CVE-2026-24598 Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage b...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24599 Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This ...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24600 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a ...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24601 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Write...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24602 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This is a false positive. According to the vendor, the function identified as a vulnerability is intentional...	N/A	NONE	—	1/23/2026
CVE-2026-24603 Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Leve...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24604 Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24605 Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elemen...	4.3	MEDIUM	—	1/23/2026
CVE-2026-24607 Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a ...	5.3	MEDIUM	—	1/23/2026
CVE-2025-71194 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type When wait_current_trans() is called during start_trans...	N/A	NONE	—	2/4/2026
CVE-2026-24608 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion.This is...	7.5	HIGH	—	1/23/2026
CVE-2026-24609 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affect...	7.5	HIGH	—	1/23/2026
CVE-2026-24612 Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= ...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24615 Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a throu...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24617 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a throug...	6.5	MEDIUM	—	1/23/2026
CVE-2026-24619 Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff...	5.3	MEDIUM	—	1/23/2026
CVE-2026-24621 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects T...	4.8	MEDIUM	—	1/23/2026
CVE-2026-24622 Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolki...	5.4	MEDIUM	—	1/23/2026
CVE-2026-24623 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <=...	6.5	MEDIUM	—	1/23/2026
CVE-2026-24624 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a thro...	7.2	HIGH	—	1/23/2026
CVE-2026-1157 A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This affects the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ssid leads to buffe...	8.8	HIGH	—	1/19/2026

Page 18 of 6578

Previous Next

This product uses data from the NVD API but is not endorsed or certified by the NVD.