"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,846
Critical: 0
High: 0
Medium: 10,846
Showing 1001-1020 of 10846 records
Threat Entry Updated 2026-01-28

CVE-2026-24549 - GeoDirectory Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery. This issue affects GeoDirectory: from n/a before 2.8.150.

PLUGIN GeoDirectory

CVE-2026-24549

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24540 - Integrate Google Drive Plugin

Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through

PLUGIN Integrate Google Drive

CVE-2026-24540

MEDIUM CVSS 5.4 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2026-24548 - Radio Player Plugin

Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows Server Side Request Forgery. This issue affects Radio Player: from n/a through

PLUGIN Radio Player

CVE-2026-24548

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24541 - Download After Email Plugin

Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download After Email: from n/a through

PLUGIN Download After Email

CVE-2026-24541

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24539 - Protección de datos – RGPD Plugin

Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Protección de datos – RGPD: from n/a through

PLUGIN Protección de datos – RGPD

CVE-2026-24539

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24544 - HD Quiz Plugin

Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HD Quiz: from n/a through

PLUGIN HD Quiz

CVE-2026-24544

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24543 - Materialis Companion Plugin

Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Materialis Companion: from n/a through

PLUGIN Materialis Companion

CVE-2026-24543

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24542 - WP Term Order Plugin

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery. This issue affects WP Term Order: from n/a through

PLUGIN WP Term Order

CVE-2026-24542

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2026-24535 - Automatic Featured Images Plugin

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through

PLUGIN Automatic Featured Images

CVE-2026-24535

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-02-17

CVE-2026-24532 - SiteLock Security – WP Hardening, Login Security & Malware Scans Plugin

Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2.

PLUGIN SiteLock Security – WP Hardening, Login Security & Malware Scans

CVE-2026-24532

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24528 - Nova Blocks Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS. This issue affects Nova Blocks: from n/a through

PLUGIN Nova Blocks

CVE-2026-24528

MEDIUM CVSS 6.5 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24526 - WooCommerce Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS. This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through

PLUGIN WooCommerce

CVE-2026-24526

MEDIUM CVSS 6.5 2026-01-23
Threat Entry Updated 2026-01-28

CVE-2026-24530 - WebP Conversion Plugin

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebP Conversion: from n/a through

PLUGIN WebP Conversion

CVE-2026-24530

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-01-28

CVE-2026-24529 - Quick Restaurant Reservations Plugin

Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Restaurant Reservations: from n/a through

PLUGIN Quick Restaurant Reservations

CVE-2026-24529

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-01-28

CVE-2026-24525 - CLP Varnish Cache Plugin

Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CLP Varnish Cache: from n/a through

PLUGIN CLP Varnish Cache

CVE-2026-24525

MEDIUM CVSS 5.3 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2026-24522 - WP Subscribe Plugin

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscribe: from n/a through

PLUGIN WP Subscribe

CVE-2026-24522

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-27

CVE-2026-24521 - Kama Thumbnail Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery. This issue affects Kama Thumbnail: from n/a through

PLUGIN Kama Thumbnail

CVE-2026-24521

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2025-13921 - Ai Chatbot Plugin

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit any documentation post. The vulnerability was partially patched in version 2.1.16.

PLUGIN Ai Chatbot

CVE-2025-13921

MEDIUM CVSS 4.3 2026-01-23
Threat Entry Updated 2026-04-15

CVE-2026-0914 - Shapepress Dsgvo Plugin

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shapepress Dsgvo

CVE-2026-0914

MEDIUM CVSS 6.4 2026-01-23
Threat Entry Updated 2026-01-26

CVE-2025-14745 - And Autoblogging Plugin

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN And Autoblogging

CVE-2025-14745

MEDIUM CVSS 6.4 2026-01-23