Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-01-26
CVE-2026-24366 - WooCommerce Plugin
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through
PLUGIN
WooCommerce
CVE-2026-24366
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24358 - Quiz And Survey Master Plugin
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through
PLUGIN
Quiz And Survey Master
CVE-2026-24358
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24356 - GetGenie Plugin
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through
PLUGIN
GetGenie
CVE-2026-24356
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24357 - WP Recipe Maker Plugin
Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through
PLUGIN
WP Recipe Maker
CVE-2026-24357
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24361 - LearnPress – Course Review Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through
PLUGIN
LearnPress – Course Review
CVE-2026-24361
Risk Score
Threat Entry
Updated 2026-01-27
CVE-2026-24354 - Penci Shortcodes & Performance Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through
PLUGIN
Penci Shortcodes & Performance
CVE-2026-24354
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24365 - WooCommerce Plugin
Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.
PLUGIN
WooCommerce
CVE-2026-24365
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24355 - Houzez Theme - Functionality
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through
THEME
Houzez Theme - Functionality
CVE-2026-24355
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24360 - Seriously Simple Podcasting Plugin
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through
PLUGIN
Seriously Simple Podcasting
CVE-2026-24360
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-23978 - Gyan Elements Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through
PLUGIN
Gyan Elements
CVE-2026-23978
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-23975 - Golo Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5.
PLUGIN
Golo
CVE-2026-23975
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-23974 - Golo Plugin
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
PLUGIN
Golo
CVE-2026-23974
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-24353 - User Registration Plugin
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through
PLUGIN
User Registration
CVE-2026-24353
Risk Score
Threat Entry
Updated 2026-01-27
CVE-2026-23976 - Modula Image Gallery Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through
PLUGIN
Modula Image Gallery
CVE-2026-23976
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-22482 - IMGspider Plugin
Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through
PLUGIN
IMGspider
CVE-2026-22482
Risk Score
Threat Entry
Updated 2026-01-27
CVE-2026-22481 - BD Courier Order Ratio Checker Plugin
Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through
PLUGIN
BD Courier Order Ratio Checker
CVE-2026-22481
Risk Score
Threat Entry
Updated 2026-01-27
CVE-2026-22483 - teachPress Plugin
Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress teachpress allows Cross Site Request Forgery.This issue affects teachPress: from n/a through
PLUGIN
teachPress
CVE-2026-22483
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-22472 - Easy Form Builder Plugin
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through
PLUGIN
Easy Form Builder
CVE-2026-22472
Risk Score
Threat Entry
Updated 2026-01-27
CVE-2026-22470 - FireStorm Professional Real Estate Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection.This issue affects FireStorm Professional Real Estate: from n/a through
PLUGIN
FireStorm Professional Real Estate
CVE-2026-22470
Risk Score
Threat Entry
Updated 2026-01-26
CVE-2026-22464 - My auctions allegro Plugin
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through
PLUGIN
My auctions allegro
CVE-2026-22464
Risk Score