"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,024
Critical: 923
High: 3,044
Medium: 10,857
Showing 1381-1400 of 15024 records

Threat Entry Updated 2026-01-27

CVE-2026-24542 - WP Term Order Plugin

Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery. This issue affects WP Term Order: from n/a through

PLUGIN WP Term Order

CVE-2026-24542

MEDIUM CVSS 4.3 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24531 - Prowess Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion. This issue affects Prowess: from n/a through

PLUGIN Prowess

CVE-2026-24531

CRITICAL CVSS 9.8 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24534 - Booter Plugin

Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booter: from n/a through

PLUGIN Booter

CVE-2026-24534

HIGH CVSS 8.8 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24538 - Omnipress Plugin

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion. This issue affects Omnipress: from n/a through

PLUGIN Omnipress

CVE-2026-24538

HIGH CVSS 7.6 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24536 - Webpushr Plugin

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data. This issue affects Webpushr: from n/a through

PLUGIN Webpushr

CVE-2026-24536

HIGH CVSS 7.5 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24535 - Automatic Featured Images Plugin

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Automatic Featured Images from Videos: from n/a through

PLUGIN Automatic Featured Images

CVE-2026-24535

MEDIUM CVSS 4.3 2026-01-23

Threat Entry Updated 2026-02-17

CVE-2026-24532 - SiteLock Security – WP Hardening, Login Security & Malware Scans Plugin

Missing Authorization vulnerability in SiteLock SiteLock Security – WP Hardening, Login Security & Malware Scans allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SiteLock Security – WP Hardening, Login Security & Malware Scans: from n/a through 5.0.2.

PLUGIN SiteLock Security – WP Hardening, Login Security & Malware Scans

CVE-2026-24532

MEDIUM CVSS 4.3 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24524 - Tablesome Plugin

Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tablesome: from n/a through

PLUGIN Tablesome

CVE-2026-24524

HIGH CVSS 8.1 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24523 - WP FullCalendar Plugin

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data. This issue affects WP FullCalendar: from n/a through

PLUGIN WP FullCalendar

CVE-2026-24523

HIGH CVSS 7.5 2026-01-23

Threat Entry Updated 2026-01-27

CVE-2026-24528 - Nova Blocks Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS. This issue affects Nova Blocks: from n/a through

PLUGIN Nova Blocks

CVE-2026-24528

MEDIUM CVSS 6.5 2026-01-23

Threat Entry Updated 2026-01-27

CVE-2026-24526 - WooCommerce Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS. This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through

PLUGIN WooCommerce

CVE-2026-24526

MEDIUM CVSS 6.5 2026-01-23

Threat Entry Updated 2026-01-28

CVE-2026-24530 - WebP Conversion Plugin

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebP Conversion: from n/a through

PLUGIN WebP Conversion

CVE-2026-24530

MEDIUM CVSS 5.3 2026-01-23

Threat Entry Updated 2026-01-28

CVE-2026-24529 - Quick Restaurant Reservations Plugin

Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Restaurant Reservations: from n/a through

PLUGIN Quick Restaurant Reservations

CVE-2026-24529

MEDIUM CVSS 5.3 2026-01-23

Threat Entry Updated 2026-01-28

CVE-2026-24525 - CLP Varnish Cache Plugin

Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CLP Varnish Cache: from n/a through

PLUGIN CLP Varnish Cache

CVE-2026-24525

MEDIUM CVSS 5.3 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2026-24522 - WP Subscribe Plugin

Missing Authorization vulnerability in MyThemeShop WP Subscribe wp-subscribe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscribe: from n/a through

PLUGIN WP Subscribe

CVE-2026-24522

MEDIUM CVSS 4.3 2026-01-23

Threat Entry Updated 2026-01-27

CVE-2026-24521 - Kama Thumbnail Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery. This issue affects Kama Thumbnail: from n/a through

PLUGIN Kama Thumbnail

CVE-2026-24521

MEDIUM CVSS 4.3 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2025-13921 - Ai Chatbot Plugin

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit any documentation post. The vulnerability was partially patched in version 2.1.16.

PLUGIN Ai Chatbot

CVE-2025-13921

MEDIUM CVSS 4.3 2026-01-23

Threat Entry Updated 2026-04-15

CVE-2026-0914 - Shapepress Dsgvo Plugin

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Shapepress Dsgvo

CVE-2026-0914

MEDIUM CVSS 6.4 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2025-14866 - Melapress Role Editor Plugin

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to assign themselves additional roles including Administrator.

PLUGIN Melapress Role Editor

CVE-2025-14866

HIGH CVSS 8.8 2026-01-23

Threat Entry Updated 2026-01-26

CVE-2024-11976 - The Buddypress Plugin

The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

PLUGIN The Buddypress

CVE-2024-11976

HIGH CVSS 7.3 2026-01-23