Filter and search through 392,315 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-24542 | Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects ... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-24541 | Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Sec... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24540 | Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24539 | Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24538 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnip... | 7.6 | 397 | Neutral | No | Yes |
| CVE-2026-24536 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows R... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-24535 | Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Inc... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2026-24534 | Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Lev... | 8.8 | 609 | Neutral | No | Yes |
| CVE-2026-24532 | Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.Thi... | 8.8 | 609 | Neutral | No | Yes |
| CVE-2026-24531 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess... | 9.8 | 588 | Neutral | No | Yes |
| CVE-2026-24530 | Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Leve... | 8.8 | 609 | Neutral | No | Yes |
| CVE-2026-24529 | Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured ... | 8.8 | 609 | Neutral | No | Yes |
| CVE-2026-24528 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Ba... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24526 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options fo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24525 | Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24524 | Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ... | 8.1 | 540 | Neutral | No | Yes |
| CVE-2026-24523 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allow... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-24522 | Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels.T... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2026-24521 | Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kam... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24515 | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | 2.9 | 101 | Neutral | No | Yes |