Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total15,024
Critical923
High3,044
Medium10,857
Reset
Showing 1321-1340 of 15024 records
Threat Entry Updated 2026-01-26

CVE-2026-24619 - PopCash.Net Code Integration Tool Plugin

Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through

PLUGIN PopCash.Net Code Integration Tool

CVE-2026-24619

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24615 - Cream Magazine Plugin

Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through

PLUGIN Cream Magazine

CVE-2026-24615

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24613 - Ecwid Shopping Cart Plugin

Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through

PLUGIN Ecwid Shopping Cart

CVE-2026-24613

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24609 - Laurent Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through

PLUGIN Laurent

CVE-2026-24609

HIGH CVSS 7.5 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24608 - Laurent Core Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion.This issue affects Laurent Core: from n/a through

PLUGIN Laurent Core

CVE-2026-24608

HIGH CVSS 7.5 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24612 - Orchid Store Plugin

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through

PLUGIN Orchid Store

CVE-2026-24612

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24607 - Travel Monster Plugin

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through

PLUGIN Travel Monster

CVE-2026-24607

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24606 - WooCommerce Plugin

Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through

PLUGIN WooCommerce

CVE-2026-24606

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24604 - Simple GDPR Cookie Compliance Plugin

Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through

PLUGIN Simple GDPR Cookie Compliance

CVE-2026-24604

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24605 - Elementor Plugin

Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through

PLUGIN Elementor

CVE-2026-24605

MEDIUM CVSS 4.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24601 - Penci Pay Writer Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through

PLUGIN Penci Pay Writer

CVE-2026-24601

MEDIUM CVSS 5.4 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24600 - Penci Review Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through

PLUGIN Penci Review

CVE-2026-24600

MEDIUM CVSS 5.4 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24603 - Universal Google Adsense and Ads manager Plugin

Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through

PLUGIN Universal Google Adsense and Ads manager

CVE-2026-24603

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24599 - NextMove Lite Plugin

Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through

PLUGIN NextMove Lite

CVE-2026-24599

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24595 - Zoho CRM Lead Magnet Plugin

Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through

PLUGIN Zoho CRM Lead Magnet

CVE-2026-24595

MEDIUM CVSS 5.4 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24591 - Yoast SEO Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through

PLUGIN Yoast SEO

CVE-2026-24591

MEDIUM CVSS 5.4 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24593 - WordPress Core

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through

CORE WordPress Core

CVE-2026-24593

MEDIUM CVSS 5.3 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24594 - Livemesh Addons for WPBakery Page Builder Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through

PLUGIN Livemesh Addons for WPBakery Page Builder

CVE-2026-24594

MEDIUM CVSS 4.8 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-04-23

CVE-2026-24596 - Related Posts Thumbnails Plugin for WordPress

Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery.This issue affects Related Posts Thumbnails Plugin for WordPress: from n/a through

PLUGIN Related Posts Thumbnails Plugin for WordPress

CVE-2026-24596

MEDIUM CVSS 4.7 2026-01-23
Open Full Technical Breakdown
Threat Entry Updated 2026-01-26

CVE-2026-24598 - Multilanguage by BestWebSoft Plugin

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through

PLUGIN Multilanguage by BestWebSoft

CVE-2026-24598

MEDIUM CVSS 4.3 2026-01-23
Open Full Technical Breakdown
Scroll to top