"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 14,956
Critical: 920
High: 3,037
Medium: 10,800
Showing 601-620 of 14956 records
Threat Entry Updated 2026-04-15

CVE-2026-1787 - LearnPress – Backup & Migration Tool Plugin

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to delete courses that have been migrated from Tutor LMS. The Tutor LMS plugin must be installed and activated in order to exploit the vulnerability.

PLUGIN LearnPress – Backup & Migration Tool

CVE-2026-1787

MEDIUM CVSS 4.8 2026-02-21
Threat Entry Updated 2026-02-23

CVE-2025-14339 - And Automation Plugin

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only validating the `X-WP-Nonce` header without checking user capabilities. Since the REST nonce is exposed to unauthenticated visitors via the `weMail` JavaScript object on pages with weMail forms, any unauthenticated user can permanently delete all weMail forms by extracting the nonce from the page source and sending a DELETE request to…

PLUGIN And Automation

CVE-2025-14339

MEDIUM CVSS 6.5 2026-02-21
Threat Entry Updated 2026-02-23

CVE-2026-27072 - PixelYourSite – Your smart PIXEL (TAG) Manager Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Stored XSS. This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through

PLUGIN PixelYourSite – Your smart PIXEL (TAG) Manager

CVE-2026-27072

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2026-24956 - Download Manager Addons for Elementor Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection. This issue affects Download Manager Addons for Elementor: from n/a through

PLUGIN Download Manager Addons for Elementor

CVE-2026-24956

CRITICAL CVSS 9.3 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-24959 - JS Help Desk Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection. This issue affects JS Help Desk: from n/a through

PLUGIN JS Help Desk

CVE-2026-24959

HIGH CVSS 8.5 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-24950 - Authorsy Plugin

Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Authorsy: from n/a through

PLUGIN Authorsy

CVE-2026-24950

HIGH CVSS 7.5 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-24955 - Whizz Plugins

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Whizz Plugins whizz-plugins allows Reflected XSS. This issue affects Whizz Plugins: from n/a through

PLUGIN Whizz Plugins

CVE-2026-24955

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2026-24949 - PhotoMe Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS. This issue affects PhotoMe: from n/a through

PLUGIN PhotoMe

CVE-2026-24949

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-24948 - Reflector Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS. This issue affects Reflector: from n/a through

PLUGIN Reflector

CVE-2026-24948

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-26

CVE-2026-24953 - Simple File List Plugin

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List simple-file-list allows Path Traversal. This issue affects Simple File List: from n/a through

PLUGIN Simple File List

CVE-2026-24953

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-02-26

CVE-2026-24946 - Print Invoice & Delivery Notes for WooCommerce Plugin

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through

PLUGIN Print Invoice & Delivery Notes for WooCommerce

CVE-2026-24946

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-02-24

CVE-2026-22384 - Applay - Shortcodes Plugin

Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection. This issue affects Applay - Shortcodes: from n/a through

PLUGIN Applay - Shortcodes

CVE-2026-22384

HIGH CVSS 8.8 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-24941 - WP Job Portal Plugin

Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through

PLUGIN WP Job Portal

CVE-2026-24941

HIGH CVSS 7.5 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2026-24943 - Grand Conference Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS. This issue affects Grand Conference: from n/a through

PLUGIN Grand Conference

CVE-2026-24943

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-24944 - Subscribe2 Plugin

Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe2: from n/a through

PLUGIN Subscribe2

CVE-2026-24944

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-04-15

CVE-2026-22381 - PawFriends - Pet Shop and Veterinary WordPress Theme

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through

THEME PawFriends - Pet Shop and Veterinary WordPress Theme

CVE-2026-22381

HIGH CVSS 8.1 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-22380 - UnlimHost Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion. This issue affects UnlimHost: from n/a through

PLUGIN UnlimHost

CVE-2026-22380

HIGH CVSS 8.1 2026-02-20
Threat Entry Updated 2026-02-24

CVE-2026-22379 - Netmix Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion. This issue affects Netmix: from n/a through

PLUGIN Netmix

CVE-2026-22379

HIGH CVSS 8.1 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-22378 - Blabber Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion. This issue affects Blabber: from n/a through

PLUGIN Blabber

CVE-2026-22378

HIGH CVSS 8.1 2026-02-20