Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3,629
Critical0
High3,629
Medium0
Reset
Showing 321-340 of 3629 records
Threat Entry Updated 2026-04-24

CVE-2026-25360 - Vex Plugin

Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9.

PLUGIN Vex

CVE-2026-25360

HIGH CVSS 8.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25359 - Pendulum Plugin

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.

PLUGIN Pendulum

CVE-2026-25359

HIGH CVSS 8.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25376 - Addon Jobsearch Chat Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows Reflected XSS.This issue affects Addon Jobsearch Chat: from n/a through

PLUGIN Addon Jobsearch Chat

CVE-2026-25376

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25373 - Vayvo Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through < 6.8.

PLUGIN Vayvo

CVE-2026-25373

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25361 - WpEvently Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through

PLUGIN WpEvently

CVE-2026-25361

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25358 - Meloo Plugin

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2.

PLUGIN Meloo

CVE-2026-25358

HIGH CVSS 8.8 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-28

CVE-2026-25357 - Ultimate Membership Pro Plugin

Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through

PLUGIN Ultimate Membership Pro

CVE-2026-25357

HIGH CVSS 8.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25356 - Yobazar Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7.

PLUGIN Yobazar

CVE-2026-25356

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25354 - Reebox Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8.

PLUGIN Reebox

CVE-2026-25354

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25353 - Nooni Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Nooni nooni allows Reflected XSS.This issue affects Nooni: from n/a through < 1.5.1.

PLUGIN Nooni

CVE-2026-25353

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25352 - MyDecor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through < 1.5.9.

PLUGIN MyDecor

CVE-2026-25352

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25351 - MyMedi Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through < 1.7.7.

PLUGIN MyMedi

CVE-2026-25351

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25350 - Miti Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.

PLUGIN Miti

CVE-2026-25350

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25349 - Loobek Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek loobek allows Reflected XSS.This issue affects Loobek: from n/a through < 1.5.2.

PLUGIN Loobek

CVE-2026-25349

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25347 - WP REST Cache Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a through

PLUGIN WP REST Cache

CVE-2026-25347

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25346 - FAQ Builder AYS Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through

PLUGIN FAQ Builder AYS

CVE-2026-25346

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25334 - Salon Booking System Pro Plugin

Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through < 10.30.12.

PLUGIN Salon Booking System Pro

CVE-2026-25334

HIGH CVSS 8.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25342 - Boutique Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through < 2.4.6.

PLUGIN Boutique

CVE-2026-25342

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-24

CVE-2026-25341 - RSFirewall! Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through

PLUGIN RSFirewall!

CVE-2026-25341

HIGH CVSS 7.1 2026-03-25
Open Full Technical Breakdown
Threat Entry Updated 2026-04-29

CVE-2026-25317 - Print Invoice & Delivery Notes for WooCommerce Plugin

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through

PLUGIN Print Invoice & Delivery Notes for WooCommerce

CVE-2026-25317

HIGH CVSS 7.5 2026-03-25
Open Full Technical Breakdown
Scroll to top