Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total11,547
Critical0
High0
Medium11,547
Reset
Showing 121-140 of 11547 records
Threat Entry Updated 2026-05-26

CVE-2026-32389 - NanoCare Plugin

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2.

PLUGIN NanoCare

CVE-2026-32389

MEDIUM CVSS 5.4 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24586 - Newses Plugin

Missing Authorization vulnerability in Themeansar Newses allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newses: from n/a through 2.0.0.77.

PLUGIN Newses

CVE-2026-24586

MEDIUM CVSS 5.4 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-27398 - RSVP and Event Management Plugin

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from n/a through 2.7.16.

PLUGIN RSVP and Event Management

CVE-2026-27398

MEDIUM CVSS 5.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-27357 - WP Search Analytics Plugin

Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a before 1.5.0.

PLUGIN WP Search Analytics

CVE-2026-27357

MEDIUM CVSS 5.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24592 - Auto Affiliate Links Plugin

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Affiliate Links: from n/a through 6.8.8.3.

PLUGIN Auto Affiliate Links

CVE-2026-24592

MEDIUM CVSS 5.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-27346 - B2BKing Plugin

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.

PLUGIN B2BKing

CVE-2026-27346

MEDIUM CVSS 4.9 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24582 - FlexTable Plugin

Missing Authorization vulnerability in WPPOOL FlexTable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FlexTable: from n/a through 3.24.0.

PLUGIN FlexTable

CVE-2026-24582

MEDIUM CVSS 4.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24554 - WPSubscription Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Convers Lab WPSubscription allows Cross Site Request Forgery. This issue affects WPSubscription: from n/a through 1.9.1.

PLUGIN WPSubscription

CVE-2026-24554

MEDIUM CVSS 4.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24527 - Autoship Cloud for WooCommerce Subscription Products Plugin

Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0.

PLUGIN Autoship Cloud for WooCommerce Subscription Products

CVE-2026-24527

MEDIUM CVSS 4.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24597 - Organization chart Plugin

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5.

PLUGIN Organization chart

CVE-2026-24597

MEDIUM CVSS 4.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24545 - QR Redirector Plugin

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3.

PLUGIN QR Redirector

CVE-2026-24545

MEDIUM CVSS 4.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-26

CVE-2026-24546 - GamiPress Plugin

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3.

PLUGIN GamiPress

CVE-2026-24546

MEDIUM CVSS 5.3 2026-05-25
Open Full Technical Breakdown
Threat Entry Updated 2026-05-22

CVE-2026-8684 - Motopress Hotel Booking Plugin

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or delete the internal notes (_mphb_booking_internal_notes) of any booking by supplying an arbitrary booking ID. The nonce for this action is output in the HTML source of every public page through wp_localize_script (MPHB._data.nonces), so any unauthenticated visitor can obtain a valid nonce and…

PLUGIN Motopress Hotel Booking

CVE-2026-8684

MEDIUM CVSS 5.3 2026-05-22
Open Full Technical Breakdown
Threat Entry Updated 2026-05-22

CVE-2026-8692 - Vedrixa Forms Registration Builder Plugin

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the structure of any form — adding, removing, or altering fields — by writing attacker-controlled data to the plugin's FORMS database table. The 'ajax-nonce' nonce used by…

PLUGIN Vedrixa Forms Registration Builder

CVE-2026-8692

MEDIUM CVSS 4.3 2026-05-22
Open Full Technical Breakdown
Threat Entry Updated 2026-05-22

CVE-2026-7798 - FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Plugin

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires that the SES bounce handling key ('_fc_bounce_key') has never been stored (i.e., the site is in its default/unconfigured state with…

PLUGIN FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

CVE-2026-7798

MEDIUM CVSS 5.4 2026-05-22
Open Full Technical Breakdown
Threat Entry Updated 2026-05-22

CVE-2026-7636 - Responsive Image Slider For Wordpress Plugin

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the map_meta_cap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract draft slider metadata including unpublished media URLs, captions, and slider configuration authored by administrators or editors.

PLUGIN Responsive Image Slider For Wordpress

CVE-2026-7636

MEDIUM CVSS 4.3 2026-05-22
Open Full Technical Breakdown
Threat Entry Updated 2026-05-22

CVE-2026-7615 - Widget Context Plugin

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the save_widget_context_settings function. This makes it possible for unauthenticated attackers to modify widget visibility context settings stored in the WordPress options table via a forged POST request to /wp-admin/widgets.php via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Widget Context

CVE-2026-7615

MEDIUM CVSS 4.3 2026-05-22
Open Full Technical Breakdown
Threat Entry Updated 2026-05-22

CVE-2026-9104 - Simple Draft List Plugin

The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The unescaped injection path is triggered specifically when the viewing user lacks edit capabilities, meaning payloads embedded in draft post titles via attribute-breakout techniques execute for unauthenticated users and…

PLUGIN Simple Draft List

CVE-2026-9104

MEDIUM CVSS 6.4 2026-05-22
Open Full Technical Breakdown
Threat Entry Updated 2026-05-22

CVE-2026-7509 - Kia Subtitle Plugin

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Kia Subtitle

CVE-2026-7509

MEDIUM CVSS 6.4 2026-05-22
Open Full Technical Breakdown
Scroll to top