Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-02-19
CVE-2026-25372 - Academy LMS Plugin
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through
PLUGIN
Academy LMS
CVE-2026-25372
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25368 - Calculated Fields Form Plugin
Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through
PLUGIN
Calculated Fields Form
CVE-2026-25368
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25362 - FooGallery Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through
PLUGIN
FooGallery
CVE-2026-25362
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25374 - Spa and Salon Plugin
Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through
PLUGIN
Spa and Salon
CVE-2026-25374
Risk Score
Threat Entry
Updated 2026-02-26
CVE-2026-25370 - WP Compress Plugin
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through
PLUGIN
WP Compress
CVE-2026-25370
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25367 - CitiLights Plugin
Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7.2.
PLUGIN
CitiLights
CVE-2026-25367
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25364 - Client Invoicing by Sprout Invoices Plugin
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through
PLUGIN
Client Invoicing by Sprout Invoices
CVE-2026-25364
Risk Score
Threat Entry
Updated 2026-02-26
CVE-2026-25363 - FooGallery Plugin
Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through
PLUGIN
FooGallery
CVE-2026-25363
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25343 - WP SMS Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through
PLUGIN
WP SMS
CVE-2026-25343
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25337 - Coachify Plugin
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through
PLUGIN
Coachify
CVE-2026-25337
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25348 - Download Alt Text AI Plugin
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through
PLUGIN
Download Alt Text AI
CVE-2026-25348
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25338 - AI ChatBot with ChatGPT and Content Generator by AYS Plugin
Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through
PLUGIN
AI ChatBot with ChatGPT and Content Generator by AYS
CVE-2026-25338
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25336 - Coachify Plugin
Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through
PLUGIN
Coachify
CVE-2026-25336
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25333 - Shopwell Plugin
Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through
PLUGIN
Shopwell
CVE-2026-25333
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25335 - Secure Copy Content Protection and Content Locking Plugin
Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from n/a through
PLUGIN
Secure Copy Content Protection and Content Locking
CVE-2026-25335
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25326 - CMSMasters Content Composer Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through
PLUGIN
CMSMasters Content Composer
CVE-2026-25326
Risk Score
Threat Entry
Updated 2026-02-27
CVE-2026-25331 - WP Activity Log Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through
PLUGIN
WP Activity Log
CVE-2026-25331
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25332 - Endless Posts Navigation Plugin
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through
PLUGIN
Endless Posts Navigation
CVE-2026-25332
Risk Score
Threat Entry
Updated 2026-04-15
CVE-2026-25325 - rtMedia for WordPress, BuddyPress and bbPress Plugin
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through
PLUGIN
rtMedia for WordPress, BuddyPress and bbPress
CVE-2026-25325
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25330 - PublishPress Authors Plugin
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through
PLUGIN
PublishPress Authors
CVE-2026-25330
Risk Score