Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total1,046
Critical1,046
High0
Medium0
Reset
Showing 81-100 of 1046 records
Threat Entry Updated 2026-04-24

CVE-2026-32482 - Ona Plugin

Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24.

PLUGIN Ona

CVE-2026-32482

CRITICAL CVSS 9.9 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-31920 - Product Rearrange for WooCommerce Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through

PLUGIN Product Rearrange for WooCommerce

CVE-2026-31920

CRITICAL CVSS 9.3 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-27095 - Bus Ticket Booking with Seat Reservation Plugin

Deserialization of Untrusted Data vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Object Injection.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through

PLUGIN Bus Ticket Booking with Seat Reservation

CVE-2026-27095

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-27084 - Buisson Plugin

Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through

PLUGIN Buisson

CVE-2026-27084

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-27083 - Work & Travel Company Plugin

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through

PLUGIN Work & Travel Company

CVE-2026-27083

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-27082 - Love Story Plugin

Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through

PLUGIN Love Story

CVE-2026-27082

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-27051 - Golo Plugin

Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through

PLUGIN Golo

CVE-2026-27051

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-27049 - Jobica Core Plugin

Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through

PLUGIN Jobica Core

CVE-2026-27049

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-29

CVE-2026-27071 - WPCafe Plugin

Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through

PLUGIN WPCafe

CVE-2026-27071

CRITICAL CVSS 9.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-27044 - Total Poll Lite Plugin

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through

PLUGIN Total Poll Lite

CVE-2026-27044

CRITICAL CVSS 9.9 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25413 - WPBookit Pro Plugin

Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through

PLUGIN WPBookit Pro

CVE-2026-25413

CRITICAL CVSS 9.9 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25429 - Nexa Blocks Plugin

Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through

PLUGIN Nexa Blocks

CVE-2026-25429

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25447 - Widget Wrangler Plugin

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through

PLUGIN Widget Wrangler

CVE-2026-25447

CRITICAL CVSS 9.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25377 - Addon Jobsearch Chat Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through

PLUGIN Addon Jobsearch Chat

CVE-2026-25377

CRITICAL CVSS 9.3 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25366 - Woody ad snippets Plugin

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through

PLUGIN Woody ad snippets

CVE-2026-25366

CRITICAL CVSS 9.9 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25371 - Lumise Product Designer Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through < 2.0.9.

PLUGIN Lumise Product Designer

CVE-2026-25371

CRITICAL CVSS 9.3 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25345 - SimpLy Gallery Plugin

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through

PLUGIN SimpLy Gallery

CVE-2026-25345

CRITICAL CVSS 9.9 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25340 - Jobmonster Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through < 4.8.4.

PLUGIN Jobmonster

CVE-2026-25340

CRITICAL CVSS 9.3 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25035 - Contest Gallery Plugin

Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through

PLUGIN Contest Gallery

CVE-2026-25035

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25032 - Ricky Plugin

Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection.This issue affects Ricky: from n/a through < 2.31.

PLUGIN Ricky

CVE-2026-25032

CRITICAL CVSS 9.8 2026-03-25
Open Full Technical Breakdown
Scroll to top