"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 14,956
Critical: 920
High: 3,037
Medium: 10,800
Showing 641-660 of 14956 records
Threat Entry Updated 2026-02-23

CVE-2026-22357 - Link Whisper Free Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS. This issue affects Link Whisper Free: from n/a through

PLUGIN Link Whisper Free

CVE-2026-22357

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2026-22352 - Persian Woocommerce SMS Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS. This issue affects Persian Woocommerce SMS: from n/a through

PLUGIN Persian Woocommerce SMS

CVE-2026-22352

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2026-22351 - WP FullCalendar Plugin

Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP FullCalendar: from n/a through

PLUGIN WP FullCalendar

CVE-2026-22351

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-02-24

CVE-2026-22346 - Slider Responsive Slideshow – Image slider, Gallery slideshow Plugin

Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection. This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through

PLUGIN Slider Responsive Slideshow – Image slider, Gallery slideshow

CVE-2026-22346

HIGH CVSS 8.8 2026-02-20
Threat Entry Updated 2026-02-24

CVE-2026-22345 - Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery Plugin

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through

PLUGIN Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery

CVE-2026-22345

HIGH CVSS 8.8 2026-02-20
Threat Entry Updated 2026-02-24

CVE-2026-22344 - FiveStar Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion. This issue affects FiveStar: from n/a through

PLUGIN FiveStar

CVE-2026-22344

HIGH CVSS 8.1 2026-02-20
Threat Entry Updated 2026-02-25

CVE-2026-22350 - PDF for Elementor Forms + Drag And Drop Template Builder Plugin

Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through

PLUGIN PDF for Elementor Forms + Drag And Drop Template Builder

CVE-2026-22350

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-02-24

CVE-2026-22341 - Booked Plugin

Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse. This issue affects Booked: from n/a through

PLUGIN Booked

CVE-2026-22341

MEDIUM CVSS 5.4 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2025-69385 - Cartify Allows Exploiting Incorrectly Configured Access Control Security Levels Theme

Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through

THEME Cartify Allows Exploiting Incorrectly Configured Access Control Security Levels

CVE-2025-69385

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2025-69368 - Soho Allows Dom Based Xss Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS. This issue affects SOHO - Photography WordPress Theme: from n/a through

THEME Soho Allows Dom Based Xss

CVE-2025-69368

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-23

CVE-2025-69367 - Oyster Allows Dom Based Xss Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS. This issue affects Oyster - Photography WordPress Theme: from n/a through

THEME Oyster Allows Dom Based Xss

CVE-2025-69367

HIGH CVSS 7.1 2026-02-20
Threat Entry Updated 2026-02-25

CVE-2025-68837 - WordPress Core

Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through

CORE WordPress Core

CVE-2025-68837

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-02-25

CVE-2025-68028 - WordPress Core

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4WP: Google Analytics for WordPress: from n/a through

CORE WordPress Core

CVE-2025-68028

MEDIUM CVSS 6.5 2026-02-20
Threat Entry Updated 2026-04-15

CVE-2026-2486 - Master Addons For Elementor Plugin

The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Master Addons For Elementor

CVE-2026-2486

MEDIUM CVSS 6.4 2026-02-20
Threat Entry Updated 2026-04-15

CVE-2026-26370 - Survey Maker Plugin

WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web browser.

PLUGIN Survey Maker

CVE-2026-26370

MEDIUM CVSS 5.1 2026-02-20
Threat Entry Updated 2026-04-15

CVE-2026-2384 - Quiz Maker Plugin

The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This vulnerability requires WPBakery Page Builder to be installed and active.

PLUGIN Quiz Maker

CVE-2026-2384

MEDIUM CVSS 6.4 2026-02-20
Threat Entry Updated 2026-02-20

CVE-2026-27440 - myCred Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS. This issue affects myCred: from n/a through

PLUGIN myCred

CVE-2026-27440

MEDIUM CVSS 6.5 2026-02-19
Threat Entry Updated 2026-02-20

CVE-2026-27387 - DirectoryPress Plugin

Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through

PLUGIN DirectoryPress

CVE-2026-27387

MEDIUM CVSS 5.4 2026-02-19
Threat Entry Updated 2026-02-25

CVE-2026-27368 - Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin

Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through

PLUGIN Coming Soon Page, Under Construction & Maintenance Mode by SeedProd

CVE-2026-27368

MEDIUM CVSS 5.3 2026-02-19
Threat Entry Updated 2026-02-20

CVE-2026-27343 - Airtifact Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion. This issue affects Airtifact: from n/a through

PLUGIN Airtifact

CVE-2026-27343

HIGH CVSS 7.5 2026-02-19