"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3,029
Critical: 0
High: 3,029
Medium: 0
Showing 281-300 of 3029 records
Threat Entry Updated 2026-01-26

CVE-2026-24523 - WP FullCalendar Plugin

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data. This issue affects WP FullCalendar: from n/a through

PLUGIN WP FullCalendar

CVE-2026-24523

HIGH CVSS 7.5 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2025-14866 - Melapress Role Editor Plugin

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to assign themselves additional roles including Administrator.

PLUGIN Melapress Role Editor

CVE-2025-14866

HIGH CVSS 8.8 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2024-11976 - The Buddypress Plugin

The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

PLUGIN The Buddypress

CVE-2024-11976

HIGH CVSS 7.3 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2026-24390 - Elementor Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion. This issue affects Kentha Elementor Widgets: from n/a through < 3.1.

PLUGIN Elementor

CVE-2026-24390

HIGH CVSS 7.5 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24380 - EventPrime Plugin

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through

PLUGIN EventPrime

CVE-2026-24380

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24368 - The Grid Plugin

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Grid: from n/a through < 2.8.0.

PLUGIN The Grid

CVE-2026-24368

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24367 - Traveler Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through < 3.2.8.

PLUGIN Traveler

CVE-2026-24367

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24377 - Nexter Blocks Plugin

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data. This issue affects Nexter Blocks: from n/a through

PLUGIN Nexter Blocks

CVE-2026-24377

HIGH CVSS 7.5 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24358 - Quiz And Survey Master Plugin

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through

PLUGIN Quiz And Survey Master

CVE-2026-24358

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24356 - GetGenie Plugin

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetGenie: from n/a through

PLUGIN GetGenie

CVE-2026-24356

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24357 - WP Recipe Maker Plugin

Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Recipe Maker: from n/a through

PLUGIN WP Recipe Maker

CVE-2026-24357

HIGH CVSS 8.1 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-23974 - Golo Plugin

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Golo: from n/a through < 1.7.5.

PLUGIN Golo

CVE-2026-23974

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-24353 - User Registration Plugin

Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Registration: from n/a through

PLUGIN User Registration

CVE-2026-24353

HIGH CVSS 8.1 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-23976 - Modula Image Gallery Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS. This issue affects Modula Image Gallery: from n/a through

PLUGIN Modula Image Gallery

CVE-2026-23976

HIGH CVSS 7.1 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22481 - BD Courier Order Ratio Checker Plugin

Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BD Courier Order Ratio Checker: from n/a through

PLUGIN BD Courier Order Ratio Checker

CVE-2026-22481

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-22472 - Easy Form Builder Plugin

Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form Builder: from n/a through

PLUGIN Easy Form Builder

CVE-2026-22472

HIGH CVSS 8.8 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22470 - FireStorm Professional Real Estate Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection. This issue affects FireStorm Professional Real Estate: from n/a through

PLUGIN FireStorm Professional Real Estate

CVE-2026-22470

HIGH CVSS 7.6 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-22464 - My auctions allegro Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion. This issue affects My auctions allegro: from n/a through

PLUGIN My auctions allegro

CVE-2026-22464

HIGH CVSS 7.5 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22402 - Triply Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion. This issue affects Triply: from n/a through

PLUGIN Triply

CVE-2026-22402

HIGH CVSS 7.5 2026-01-22