Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-02-24
CVE-2026-22369 - Ironfit Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through
PLUGIN
Ironfit
CVE-2026-22369
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-22368 - Redy Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: from n/a through
PLUGIN
Redy
CVE-2026-22368
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22367 - Coworking Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue affects Coworking: from n/a through
PLUGIN
Coworking
CVE-2026-22367
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-22366 - Jude Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through
PLUGIN
Jude
CVE-2026-22366
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-22364 - SevenTrees Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through
PLUGIN
SevenTrees
CVE-2026-22364
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22363 - Rhodos Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rhodos: from n/a through
PLUGIN
Rhodos
CVE-2026-22363
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-22362 - Photolia Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a through
PLUGIN
Photolia
CVE-2026-22362
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22354 - Woocommerce Category Banner Management Plugin
Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through
PLUGIN
Woocommerce Category Banner Management
CVE-2026-22354
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22361 - A-Mart Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a through
PLUGIN
A-Mart
CVE-2026-22361
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22356 - Jetpack CRM Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through
PLUGIN
Jetpack CRM
CVE-2026-22356
Risk Score
Threat Entry
Updated 2026-02-23
CVE-2026-22357 - Link Whisper Free Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through
PLUGIN
Link Whisper Free
CVE-2026-22357
Risk Score
Threat Entry
Updated 2026-02-23
CVE-2026-22352 - Persian Woocommerce SMS Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through
PLUGIN
Persian Woocommerce SMS
CVE-2026-22352
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22346 - Slider Responsive Slideshow – Image slider, Gallery slideshow Plugin
Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through
PLUGIN
Slider Responsive Slideshow – Image slider, Gallery slideshow
CVE-2026-22346
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22345 - Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery Plugin
Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through
PLUGIN
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery
CVE-2026-22345
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-22344 - FiveStar Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n/a through
PLUGIN
FiveStar
CVE-2026-22344
Risk Score
Threat Entry
Updated 2026-02-23
CVE-2025-69368 - Soho Allows Dom Based Xss Theme
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through
THEME
Soho Allows Dom Based Xss
CVE-2025-69368
Risk Score
Threat Entry
Updated 2026-02-23
CVE-2025-69367 - Oyster Allows Dom Based Xss Theme
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through
THEME
Oyster Allows Dom Based Xss
CVE-2025-69367
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-27343 - Airtifact Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through
PLUGIN
Airtifact
CVE-2026-27343
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-2232 - Product Table And List Builder For Woocommerce Lite Plugin
The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Product Table And List Builder For Woocommerce Lite
CVE-2026-2232
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-1581 - Wpforo Forum Plugin
The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2.4.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
PLUGIN
Wpforo Forum
CVE-2026-1581
Risk Score