Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-02-26
CVE-2026-25329 - Quiz And Survey Master Plugin
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through
PLUGIN
Quiz And Survey Master
CVE-2026-25329
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25322 - PublishPress Revisions Plugin
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through
PLUGIN
PublishPress Revisions
CVE-2026-25322
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25324 - Quiz And Survey Master Plugin
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through
PLUGIN
Quiz And Survey Master
CVE-2026-25324
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25321 - SupportCandy Plugin
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through
PLUGIN
SupportCandy
CVE-2026-25321
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25320 - Elementor Contact Form DB Plugin
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through
PLUGIN
Elementor Contact Form DB
CVE-2026-25320
Risk Score
Threat Entry
Updated 2026-02-27
CVE-2026-25323 - OSM Plugin
Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through
PLUGIN
OSM
CVE-2026-25323
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25319 - Zita Elementor Site Library Plugin
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a through
PLUGIN
Zita Elementor Site Library
CVE-2026-25319
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25318 - WiserReview Product Reviews for WooCommerce Plugin
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through
PLUGIN
WiserReview Product Reviews for WooCommerce
CVE-2026-25318
Risk Score
Threat Entry
Updated 2026-02-24
CVE-2026-25316 - CartFlows Plugin
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through
PLUGIN
CartFlows
CVE-2026-25316
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25311 - Autoshare for Twitter Plugin
Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitter: from n/a through
PLUGIN
Autoshare for Twitter
CVE-2026-25311
Risk Score
Threat Entry
Updated 2026-03-30
CVE-2026-25315 - WordPress Core
Improperly implemented security check vulnerability in KAGG hCaptcha for WP allows CAPTCHA Functionality Bypass.This issue affects hCaptcha for WP: from n/a through 4.21.1. The vulnerability is limited to the CAPTCHA mechanism intended to protect a publicly accessible form from automated abuse. It does not impact WordPress-level authentication or authorization controls.
CORE
WordPress Core
CVE-2026-25315
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25310 - Extend Link Plugin
Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through
PLUGIN
Extend Link
CVE-2026-25310
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25314 - TOP Table Of Contents Plugin
Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through
PLUGIN
TOP Table Of Contents
CVE-2026-25314
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25313 - FluentForm Plugin
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through
PLUGIN
FluentForm
CVE-2026-25313
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25308 - Simple Membership Plugin
Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: from n/a through
PLUGIN
Simple Membership
CVE-2026-25308
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25307 - XStore Core Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.
PLUGIN
XStore Core
CVE-2026-25307
Risk Score
Threat Entry
Updated 2026-02-27
CVE-2026-25305 - XStore Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through
PLUGIN
XStore
CVE-2026-25305
Risk Score
Threat Entry
Updated 2026-02-27
CVE-2026-25006 - XStore Plugin
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection.This issue affects XStore: from n/a through
PLUGIN
XStore
CVE-2026-25006
Risk Score
Threat Entry
Updated 2026-02-20
CVE-2026-25005 - Frontend File Manager Plugin
Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through
PLUGIN
Frontend File Manager
CVE-2026-25005
Risk Score
Threat Entry
Updated 2026-02-19
CVE-2026-25004 - CM Business Directory Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue affects CM Business Directory: from n/a through
PLUGIN
CM Business Directory
CVE-2026-25004
Risk Score