
"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 1,046
Critical: 1,046
High: 0
Medium: 0
Showing 101-120 of 1046 records

Threat Entry Updated 2026-04-24

CVE-2026-25031 - Tasty Daily Plugin

Deserialization of Untrusted Data vulnerability in park_of_ideas Tasty Daily tastydaily allows Object Injection. This issue affects Tasty Daily: from n/a through < 1.27.

PLUGIN Tasty Daily

CVE-2026-25031

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-25030 - Goldish Plugin

Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection. This issue affects Goldish: from n/a through < 3.47.

PLUGIN Goldish

CVE-2026-25030

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-25029 - KIDZ Plugin

Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection. This issue affects KIDZ: from n/a through

PLUGIN KIDZ

CVE-2026-25029

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-24989 - SUMO Affiliates Pro Plugin

Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection. This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0.

PLUGIN SUMO Affiliates Pro

CVE-2026-24989

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-24993 - Advanced WooCommerce Product Sales Reporting Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through

PLUGIN Advanced WooCommerce Product Sales Reporting

CVE-2026-24993

CRITICAL CVSS 9.3 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-24971 - Search & Go Plugin

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation. This issue affects Search & Go: from n/a through

PLUGIN Search & Go

CVE-2026-24971

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-24968 - Xagio SEO Plugin

Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation. This issue affects Xagio SEO: from n/a through

PLUGIN Xagio SEO

CVE-2026-24968

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-24378 - EventPrime Plugin

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection. This issue affects EventPrime: from n/a through

PLUGIN EventPrime

CVE-2026-24378

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-22507 - Beelove Plugin

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection. This issue affects Beelove: from n/a through

PLUGIN Beelove

CVE-2026-22507

CRITICAL CVSS 9.8 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-22484 - Lisfinity Core Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection. This issue affects Lisfinity Core: from n/a through

PLUGIN Lisfinity Core

CVE-2026-22484

CRITICAL CVSS 9.3 2026-03-25

Threat Entry Updated 2026-04-24

CVE-2026-4283 - Shapepress Dsgvo Plugin

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accepting a `process_now` parameter from unauthenticated users, which bypasses the intended email-confirmation flow and immediately triggers irreversible account anonymization. This makes it possible for unauthenticated attackers to permanently destroy any non-administrator user account (password randomized, username/email overwritten, roles stripped, comments anonymized, sensitive usermeta wiped) by submitting the victim's email address with `process_now=1`. The nonce required for the request is publicly…

PLUGIN Shapepress Dsgvo

CVE-2026-4283

CRITICAL CVSS 9.1 2026-03-24

Threat Entry Updated 2026-04-24

CVE-2026-4001 - Woocommerce Custom Product Addons Pro Plugin

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_custom_formula() function within includes/process/price.php. This is due to insufficient sanitization and validation of user-submitted field values before passing them to PHP's eval() function. The sanitize_values() method strips HTML tags but does not escape single quotes or prevent PHP code injection. This makes it possible for unauthenticated attackers to execute arbitrary code on the server by submitting a crafted value…

PLUGIN Woocommerce Custom Product Addons Pro

CVE-2026-4001

CRITICAL CVSS 9.8 2026-03-24

Threat Entry Updated 2026-04-22

CVE-2026-3584 - Kali Forms — Contact Form & Drag-and-Drop Builder Plugin

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of 'call_user_func' on these placeholder values. This makes it possible for unauthenticated attackers to execute code on the server.

PLUGIN Kali Forms — Contact Form & Drag-and-Drop Builder

CVE-2026-3584

CRITICAL CVSS 9.8 2026-03-20

Threat Entry Updated 2026-04-22

CVE-2026-4038 - Aimogen Pro Plugin

The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to call arbitrary WordPress functions such as 'update_option' to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

PLUGIN Aimogen Pro

CVE-2026-4038

CRITICAL CVSS 9.8 2026-03-20

Threat Entry Updated 2026-04-23

CVE-2026-27065 - BuilderPress Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion. This issue affects BuilderPress: from n/a through

PLUGIN BuilderPress

CVE-2026-27065

CRITICAL CVSS 9.8 2026-03-19

Threat Entry Updated 2026-04-23

CVE-2026-27067 - Mobile App Editor Plugin

Unrestricted Upload of File with Dangerous Type vulnerability in Syarif Mobile App Editor mobile-app-editor allows Upload a Web Shell to a Web Server. This issue affects Mobile App Editor: from n/a through

PLUGIN Mobile App Editor

CVE-2026-27067

CRITICAL CVSS 9.1 2026-03-19

Threat Entry Updated 2026-04-29

CVE-2026-27542 - Woocommerce Wholesale Lead Capture Plugin

Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation. This issue affects Woocommerce Wholesale Lead Capture: from n/a through

PLUGIN Woocommerce Wholesale Lead Capture

CVE-2026-27542

CRITICAL CVSS 9.8 2026-03-19

Threat Entry Updated 2026-04-28

CVE-2026-27413 - Profile Builder Pro Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile Builder Pro: from n/a before 3.14.0.

PLUGIN Profile Builder Pro

CVE-2026-27413

CRITICAL CVSS 9.3 2026-03-19

Threat Entry Updated 2026-04-29

CVE-2026-27540 - Woocommerce Wholesale Lead Capture Plugin

Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Using Malicious Files. This issue affects Woocommerce Wholesale Lead Capture: from n/a through

PLUGIN Woocommerce Wholesale Lead Capture

CVE-2026-27540

CRITICAL CVSS 9.0 2026-03-19