Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total16,420
Critical1,046
High3,625
Medium11,546
Reset
Showing 81-100 of 16420 records
Threat Entry Updated 2026-05-27

CVE-2026-42735 - KiviCare Plugin

Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through

PLUGIN KiviCare

CVE-2026-42735

HIGH CVSS 8.2 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42736 - BP Better Messages Plugin

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through

PLUGIN BP Better Messages

CVE-2026-42736

HIGH CVSS 7.5 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42745 - Smart Online Order for Clover Plugin

Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Authentication Bypass.This issue affects Smart Online Order for Clover: from n/a through

PLUGIN Smart Online Order for Clover

CVE-2026-42745

HIGH CVSS 7.3 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42739 - Advanced IP Blocker Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through

PLUGIN Advanced IP Blocker

CVE-2026-42739

HIGH CVSS 7.1 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42738 - Smart Online Order for Clover Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through

PLUGIN Smart Online Order for Clover

CVE-2026-42738

HIGH CVSS 7.1 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42744 - Ads by WPQuads Plugin

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Manipulating Hidden Fields.This issue affects Ads by WPQuads: from n/a through

PLUGIN Ads by WPQuads

CVE-2026-42744

MEDIUM CVSS 6.5 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42731 - miniorange otp verification Plugin

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through

PLUGIN miniorange otp verification

CVE-2026-42731

CRITICAL CVSS 9.8 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42727 - Active Products Tables for WooCommerce Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through

PLUGIN Active Products Tables for WooCommerce

CVE-2026-42727

CRITICAL CVSS 9.3 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42730 - MasterStudy LMS Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through

PLUGIN MasterStudy LMS

CVE-2026-42730

HIGH CVSS 8.5 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42734 - Geo Mashup Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through

PLUGIN Geo Mashup

CVE-2026-42734

HIGH CVSS 7.1 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42733 - WPCS Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 WPCS currency-switcher allows DOM-Based XSS.This issue affects WPCS: from n/a through

PLUGIN WPCS

CVE-2026-42733

HIGH CVSS 7.1 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42729 - PropertyHive Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through

PLUGIN PropertyHive

CVE-2026-42729

HIGH CVSS 7.1 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42728 - Contact Form 7 Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows Stored XSS.This issue affects HT Contact Form 7: from n/a through

PLUGIN Contact Form 7

CVE-2026-42728

HIGH CVSS 7.1 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42732 - Ads by WPQuads Plugin

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation.This issue affects Ads by WPQuads: from n/a through

PLUGIN Ads by WPQuads

CVE-2026-42732

MEDIUM CVSS 6.5 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42726 - WordPress Core

Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AWP Classifieds: from n/a through

CORE WordPress Core

CVE-2026-42726

MEDIUM CVSS 6.5 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-42725 - Checkout Files Upload for WooCommerce Plugin

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through

PLUGIN Checkout Files Upload for WooCommerce

CVE-2026-42725

MEDIUM CVSS 6.5 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-3349 - Minhnhut Link Gateway Plugin

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Minhnhut Link Gateway

CVE-2026-3349

MEDIUM CVSS 6.1 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-3348 - Minhnhut Link Gateway Plugin

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings (Description, Title, and other fields) in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the redirect page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Minhnhut Link Gateway

CVE-2026-3348

MEDIUM CVSS 4.4 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-2288 - Mylinksdump Plugin

The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_title' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Mylinksdump

CVE-2026-2288

MEDIUM CVSS 4.8 2026-05-27
Open Full Technical Breakdown
Threat Entry Updated 2026-05-27

CVE-2026-2280 - Rexcrawler Plugin

The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Rexcrawler

CVE-2026-2280

MEDIUM CVSS 4.8 2026-05-27
Open Full Technical Breakdown
Scroll to top