Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total10,807
Critical0
High0
Medium10,807
Reset
Showing 781-800 of 10807 records
Threat Entry Updated 2026-02-03

CVE-2026-25014 - Enter Addons Plugin

Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through

PLUGIN Enter Addons

CVE-2026-25014

MEDIUM CVSS 4.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-25011 - WP Custom Admin Interface Plugin

Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through

PLUGIN WP Custom Admin Interface

CVE-2026-25011

MEDIUM CVSS 4.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24990 - WP Docs Plugin

Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through

PLUGIN WP Docs

CVE-2026-24990

MEDIUM CVSS 5.4 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24997 - Wired Impact Volunteer Management Plugin

Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wired Impact Volunteer Management: from n/a through

PLUGIN Wired Impact Volunteer Management

CVE-2026-24997

MEDIUM CVSS 5.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24994 - Sunshine Photo Cart Plugin

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through

PLUGIN Sunshine Photo Cart

CVE-2026-24994

MEDIUM CVSS 5.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24992 - WooCommerce Plugin

Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through

PLUGIN WooCommerce

CVE-2026-24992

MEDIUM CVSS 5.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24991 - Extensions For CF7 Plugin

Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through

PLUGIN Extensions For CF7

CVE-2026-24991

MEDIUM CVSS 5.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24996 - WPElemento Importer Plugin

Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer: from n/a through

PLUGIN WPElemento Importer

CVE-2026-24996

MEDIUM CVSS 4.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24995 - Latest Post Shortcode Plugin

Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through

PLUGIN Latest Post Shortcode

CVE-2026-24995

MEDIUM CVSS 4.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-04

CVE-2026-24988 - The Events Calendar Shortcode & Block Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode & Block: from n/a through

PLUGIN The Events Calendar Shortcode & Block

CVE-2026-24988

MEDIUM CVSS 6.5 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-27

CVE-2026-24984 - Visual Link Preview Plugin

Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through

PLUGIN Visual Link Preview

CVE-2026-24984

MEDIUM CVSS 6.5 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24986 - Simple Membership WP user Import Plugin

Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through

PLUGIN Simple Membership WP user Import

CVE-2026-24986

MEDIUM CVSS 5.4 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24982 - Spectra Plugin

Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through

PLUGIN Spectra

CVE-2026-24982

MEDIUM CVSS 5.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24967 - Amelia Plugin

Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through

PLUGIN Amelia

CVE-2026-24967

MEDIUM CVSS 5.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24985 - WP Forms Signature Contract Add-On Plugin

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through

PLUGIN WP Forms Signature Contract Add-On

CVE-2026-24985

MEDIUM CVSS 4.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24966 - Copyscape Premium Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery.This issue affects Copyscape Premium: from n/a through

PLUGIN Copyscape Premium

CVE-2026-24966

MEDIUM CVSS 4.3 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24958 - Elementor Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through

PLUGIN Elementor

CVE-2026-24958

MEDIUM CVSS 6.5 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24957 - Strong Testimonials Plugin

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through

PLUGIN Strong Testimonials

CVE-2026-24957

MEDIUM CVSS 6.5 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24952 - Seriously Simple Podcasting Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through

PLUGIN Seriously Simple Podcasting

CVE-2026-24952

MEDIUM CVSS 6.5 2026-02-03
Open Full Technical Breakdown
Threat Entry Updated 2026-02-03

CVE-2026-24961 - Grand Blog Plugin

Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5.

PLUGIN Grand Blog

CVE-2026-24961

MEDIUM CVSS 5.4 2026-02-03
Open Full Technical Breakdown
Scroll to top