Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-04-24
CVE-2026-27039 - WZone Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through
PLUGIN
WZone
CVE-2026-27039
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-27047 - Curly Core Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through
PLUGIN
Curly Core
CVE-2026-27047
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25464 - Jannah Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through
PLUGIN
Jannah
CVE-2026-25464
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25458 - Moments Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through
PLUGIN
Moments
CVE-2026-25458
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25461 - Listeo Core Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through
PLUGIN
Listeo Core
CVE-2026-25461
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25457 - Mixtape Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through
PLUGIN
Mixtape
CVE-2026-25457
Risk Score
Threat Entry
Updated 2026-04-28
CVE-2026-25456 - Automated FedEx live/manual rates with shipping labels Plugin
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through
PLUGIN
Automated FedEx live/manual rates with shipping labels
CVE-2026-25456
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25452 - Remoji Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDO Remoji remoji allows Stored XSS.This issue affects Remoji: from n/a through
PLUGIN
Remoji
CVE-2026-25452
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25414 - WPBookit Pro Plugin
Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through
PLUGIN
WPBookit Pro
CVE-2026-25414
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25435 - Booking calendar, Appointment Booking System Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Stored XSS.This issue affects Booking calendar, Appointment Booking System: from n/a through
PLUGIN
Booking calendar, Appointment Booking System
CVE-2026-25435
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25400 - Apicona Plugin
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through
PLUGIN
Apicona
CVE-2026-25400
Risk Score
Threat Entry
Updated 2026-04-28
CVE-2026-25406 - Tutor LMS Pro Plugin
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through
PLUGIN
Tutor LMS Pro
CVE-2026-25406
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25401 - WPCargo Track & Trace Plugin
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through
PLUGIN
WPCargo Track & Trace
CVE-2026-25401
Risk Score
Threat Entry
Updated 2026-04-28
CVE-2026-25397 - File Uploader for WooCommerce Plugin
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through
PLUGIN
File Uploader for WooCommerce
CVE-2026-25397
Risk Score
Threat Entry
Updated 2026-04-29
CVE-2026-25396 - Commerce Coinbase For WooCommerce Plugin
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through
PLUGIN
Commerce Coinbase For WooCommerce
CVE-2026-25396
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25382 - IdealAuto Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6.
PLUGIN
IdealAuto
CVE-2026-25382
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25381 - LoveDate Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes LoveDate lovedate allows PHP Local File Inclusion.This issue affects LoveDate: from n/a through < 3.8.6.
PLUGIN
LoveDate
CVE-2026-25381
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25380 - Feedy Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Feedy feedy allows PHP Local File Inclusion.This issue affects Feedy: from n/a through < 2.1.5.
PLUGIN
Feedy
CVE-2026-25380
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25379 - StreamVid Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affects StreamVid: from n/a through < 6.8.6.
PLUGIN
StreamVid
CVE-2026-25379
Risk Score
Threat Entry
Updated 2026-04-24
CVE-2026-25383 - KiviCare Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through
PLUGIN
KiviCare
CVE-2026-25383
Risk Score