Threat Entry Updated 2026-02-20

CVE-2026-25008 - Ninja Tables Plugin

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through

PLUGIN Ninja Tables

CVE-2026-25008

MEDIUM CVSS 4.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-25003 - Client Portal Plugin

Missing Authorization vulnerability in madalin.ungureanu Client Portal client-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Portal: from n/a through

PLUGIN Client Portal

CVE-2026-25003

MEDIUM CVSS 4.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-24

CVE-2026-23805 - Media Search Enhanced Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through

PLUGIN Media Search Enhanced

CVE-2026-23805

HIGH CVSS 7.6 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-24

CVE-2026-23803 - Smart Auto Upload Images Plugin

Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through

PLUGIN Smart Auto Upload Images

CVE-2026-23803

MEDIUM CVSS 6.4 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-24392 - HurryTimer Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through

PLUGIN HurryTimer

CVE-2026-24392

MEDIUM CVSS 5.9 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-23804 - Better Business Reviews Plugin

Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through

PLUGIN Better Business Reviews

CVE-2026-23804

MEDIUM CVSS 5.4 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-25000 - Wheel of Life Plugin

Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through

PLUGIN Wheel of Life

CVE-2026-25000

MEDIUM CVSS 5.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-24999 - Alma Plugin

Missing Authorization vulnerability in Alma Alma alma-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alma: from n/a through

PLUGIN Alma

CVE-2026-24999

MEDIUM CVSS 5.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-24375 - Ultimate Gift Cards For WooCommerce Plugin

Missing Authorization vulnerability in WP Swings Ultimate Gift Cards For WooCommerce woo-gift-cards-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Gift Cards For WooCommerce: from n/a through

PLUGIN Ultimate Gift Cards For WooCommerce

CVE-2026-24375

MEDIUM CVSS 5.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-23549 - WpEvently Plugin

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through

PLUGIN WpEvently

CVE-2026-23549

CRITICAL CVSS 9.8 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-23542 - Grand Restaurant Plugin

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through

PLUGIN Grand Restaurant

CVE-2026-23542

CRITICAL CVSS 9.8 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-23544 - Valenti Plugin

Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through

PLUGIN Valenti

CVE-2026-23544

HIGH CVSS 8.8 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-20

CVE-2026-23547 - CMSMasters Content Composer Plugin

Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through

PLUGIN CMSMasters Content Composer

CVE-2026-23547

HIGH CVSS 7.1 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-26

CVE-2026-23545 - Aruba HiSpeed Cache Plugin

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through

PLUGIN Aruba HiSpeed Cache

CVE-2026-23545

MEDIUM CVSS 6.5 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-26

CVE-2026-23548 - DirectoryPress Plugin

Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through

PLUGIN DirectoryPress

CVE-2026-23548

MEDIUM CVSS 5.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-26

CVE-2026-23543 - Essential Addons for Elementor Plugin

Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through

PLUGIN Essential Addons for Elementor

CVE-2026-23543

MEDIUM CVSS 5.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-24

CVE-2026-22333 - YITH WooCommerce Compare Theme

Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through

THEME YITH WooCommerce Compare

CVE-2026-22333

HIGH CVSS 7.2 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-20

CVE-2026-22422 - Everest Forms Plugin

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through

PLUGIN Everest Forms

CVE-2026-22422

MEDIUM CVSS 5.3 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-02-19

CVE-2026-23541 - Mail Mint Plugin

Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mail Mint: from n/a through

PLUGIN Mail Mint

CVE-2026-23541

UNKNOWN CVSS 0.0 2026-02-19

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-04-15

CVE-2026-2502 - Xmlrpc Attacks Blocker Plugin

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute when an administrator views the debug log page.

PLUGIN Xmlrpc Attacks Blocker

CVE-2026-2502

MEDIUM CVSS 6.1 2026-02-19

Risk Score

Open Full Technical Breakdown