Threat Entry Updated 2026-04-24

CVE-2026-32531 - Kunco Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5.

PLUGIN Kunco

CVE-2026-32531

HIGH CVSS 8.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32532 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through

PLUGIN Elementor

CVE-2026-32532

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32529 - Molla Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.

PLUGIN Molla

CVE-2026-32529

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32528 - Riode Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.

PLUGIN Riode

CVE-2026-32528

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32522 - WooCommerce Support Ticket System Plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish WooCommerce Support Ticket System woocommerce-support-ticket-system allows Path Traversal.This issue affects WooCommerce Support Ticket System: from n/a through < 18.5.

PLUGIN WooCommerce Support Ticket System

CVE-2026-32522

HIGH CVSS 8.6 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32526 - Abandoned Cart Recovery for WooCommerce Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through

PLUGIN Abandoned Cart Recovery for WooCommerce

CVE-2026-32526

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32516 - Miraculous Core Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects Miraculous Core Plugin: from n/a through < 2.1.2.

PLUGIN Miraculous Core Plugin

CVE-2026-32516

HIGH CVSS 8.5 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32518 - Gaea Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8.

PLUGIN Gaea

CVE-2026-32518

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32517 - Contact Manager Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through

PLUGIN Contact Manager

CVE-2026-32517

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32513 - JS Archive List Plugin

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through

PLUGIN JS Archive List

CVE-2026-32513

HIGH CVSS 8.8 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-29

CVE-2026-32515 - Miraculous Plugin

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1.2.

PLUGIN Miraculous

CVE-2026-32515

HIGH CVSS 7.5 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32505 - Kiddy Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through

PLUGIN Kiddy

CVE-2026-32505

HIGH CVSS 8.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32504 - VintWood Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through

PLUGIN VintWood

CVE-2026-32504

HIGH CVSS 8.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32503 - Trendustry Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through

PLUGIN Trendustry

CVE-2026-32503

HIGH CVSS 8.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-29

CVE-2026-32501 - WP Configurator Pro Plugin

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurator Pro: from n/a through

PLUGIN WP Configurator Pro

CVE-2026-32501

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32500 - MetaMax Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through

PLUGIN MetaMax

CVE-2026-32500

HIGH CVSS 8.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32498 - RegistrationMagic Plugin

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through

PLUGIN RegistrationMagic

CVE-2026-32498

HIGH CVSS 7.5 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32495 - WP Terms Popup Plugin

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through

PLUGIN WP Terms Popup

CVE-2026-32495

HIGH CVSS 7.5 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-24

CVE-2026-32494 - Image Slider by Ays Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through

PLUGIN Image Slider by Ays

CVE-2026-32494

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-29

CVE-2026-32493 - JobSearch Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through

PLUGIN JobSearch

CVE-2026-32493

HIGH CVSS 7.1 2026-03-25

Risk Score

Open Full Technical Breakdown