Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total14,956
Critical920
High3,037
Medium10,800
Reset
Showing 681-700 of 14956 records
Threat Entry Updated 2026-02-19

CVE-2026-27042 - NotificationX Plugin

Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through

PLUGIN NotificationX

CVE-2026-27042

MEDIUM CVSS 5.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-27056 - iThemes Sync

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through

THEME iThemes Sync

CVE-2026-27056

MEDIUM CVSS 4.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-20

CVE-2026-27055 - Penci AI SmartContent Creator Plugin

Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through

PLUGIN Penci AI SmartContent Creator

CVE-2026-27055

MEDIUM CVSS 4.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-20

CVE-2026-25472 - Fusion Builder Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through

PLUGIN Fusion Builder

CVE-2026-25472

MEDIUM CVSS 6.5 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25473 - WZone Plugin

Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through

PLUGIN WZone

CVE-2026-25473

MEDIUM CVSS 5.4 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25463 - Wpresidence Core Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: from n/a through

PLUGIN Wpresidence Core

CVE-2026-25463

MEDIUM CVSS 6.5 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-20

CVE-2026-25453 - Advanced iFrame Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through

PLUGIN Advanced iFrame

CVE-2026-25453

MEDIUM CVSS 6.5 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-20

CVE-2026-25451 - Bold Page Builder Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through

PLUGIN Bold Page Builder

CVE-2026-25451

MEDIUM CVSS 6.5 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25432 - Omnipress Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through

PLUGIN Omnipress

CVE-2026-25432

MEDIUM CVSS 6.5 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25441 - LeadConnector Plugin

Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through

PLUGIN LeadConnector

CVE-2026-25441

MEDIUM CVSS 5.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25428 - TS Poll Plugin

Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through

PLUGIN TS Poll

CVE-2026-25428

MEDIUM CVSS 4.4 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25459 - Sober Plugin

Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through

PLUGIN Sober

CVE-2026-25459

MEDIUM CVSS 4.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25423 - Real 3D FlipBook Plugin

Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through

PLUGIN Real 3D FlipBook

CVE-2026-25423

LOW CVSS 3.8 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25418 - Bit Form Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through

PLUGIN Bit Form

CVE-2026-25418

HIGH CVSS 7.6 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-27

CVE-2026-25422 - Popularis Extra Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through

PLUGIN Popularis Extra

CVE-2026-25422

MEDIUM CVSS 5.4 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25415 - WPBookit Pro Plugin

Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through

PLUGIN WPBookit Pro

CVE-2026-25415

MEDIUM CVSS 5.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-20

CVE-2026-25420 - MailerLite Plugin

Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through

PLUGIN MailerLite

CVE-2026-25420

MEDIUM CVSS 4.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25419 - UpsellWP Plugin

Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through

PLUGIN UpsellWP

CVE-2026-25419

MEDIUM CVSS 4.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25416 - News Kit Elementor Addons Theme

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through

THEME News Kit Elementor Addons

CVE-2026-25416

MEDIUM CVSS 4.3 2026-02-19
Open Full Technical Breakdown
Threat Entry Updated 2026-02-19

CVE-2026-25408 - Broken Link Notifier Plugin

Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through

PLUGIN Broken Link Notifier

CVE-2026-25408

MEDIUM CVSS 5.3 2026-02-19
Open Full Technical Breakdown
Scroll to top