"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 15,024
Critical: 923
High: 3,044
Medium: 10,857
Showing 1461-1480 of 15024 records
Threat Entry Updated 2026-01-26

CVE-2026-22398 - Fleur Plugin

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fleur: from n/a through

PLUGIN Fleur

CVE-2026-22398

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22388 - Owl Carousel WP Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS. This issue affects Owl Carousel WP: from n/a through

PLUGIN Owl Carousel WP

CVE-2026-22388

MEDIUM CVSS 5.9 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-22396 - Fiorello Plugin

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fiorello: from n/a through

PLUGIN Fiorello

CVE-2026-22396

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-22393 - Curly Plugin

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Curly: from n/a through

PLUGIN Curly

CVE-2026-22393

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22391 - Cocco Plugin

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cocco: from n/a through

PLUGIN Cocco

CVE-2026-22391

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-04-15

CVE-2026-22382 - PawFriends - Pet Shop and Veterinary WordPress Theme

Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through

THEME PawFriends - Pet Shop and Veterinary WordPress Theme

CVE-2026-22382

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22360 - SearchAzon Plugin

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery. This issue affects SearchAzon: from n/a through

PLUGIN SearchAzon

CVE-2026-22360

MEDIUM CVSS 4.3 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22355 - Simple XML Sitemap Plugin

Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS. This issue affects Simple XML Sitemap: from n/a through

PLUGIN Simple XML Sitemap

CVE-2026-22355

HIGH CVSS 7.1 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22353 - teachPress Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in winkm89 teachPress teachpress allows Stored XSS. This issue affects teachPress: from n/a through

PLUGIN teachPress

CVE-2026-22353

MEDIUM CVSS 6.5 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22347 - Carousel Horizontal Posts Content Slider Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS. This issue affects Carousel Horizontal Posts Content Slider: from n/a through

PLUGIN Carousel Horizontal Posts Content Slider

CVE-2026-22347

MEDIUM CVSS 6.5 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2026-22349 - Menu In Post Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS. This issue affects Menu In Post: from n/a through

PLUGIN Menu In Post

CVE-2026-22349

MEDIUM CVSS 5.4 2026-01-22
Threat Entry Updated 2026-01-27

CVE-2026-22348 - Civic Cookie Control Plugin

Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Civic Cookie Control: from n/a through

PLUGIN Civic Cookie Control

CVE-2026-22348

MEDIUM CVSS 5.3 2026-01-22
Threat Entry Updated 2026-04-15

CVE-2026-22359 - Wordpress Movies Bulk Importer Plugin

Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery. This issue affects Wordpress Movies Bulk Importer: from n/a through

PLUGIN Wordpress Movies Bulk Importer

CVE-2026-22359

MEDIUM CVSS 4.3 2026-01-22
Threat Entry Updated 2026-01-28

CVE-2025-69004 - Bajaar Allows Php Local File Inclusion Theme

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion. This issue affects Bajaar - Highly Customizable WooCommerce WordPress Theme: from n/a through

THEME Bajaar Allows Php Local File Inclusion

CVE-2025-69004

HIGH CVSS 8.1 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2025-53240 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS. This issue affects WordPress Photo Gallery: from n/a through

CORE WordPress Core

CVE-2025-53240

MEDIUM CVSS 6.1 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2025-49043 - WordPress Core

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through

CORE WordPress Core

CVE-2025-49043

MEDIUM CVSS 6.1 2026-01-22
Threat Entry Updated 2026-04-15

CVE-2026-0920 - La Studio Element Kit For Elementor Plugin

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.

PLUGIN La Studio Element Kit For Elementor

CVE-2026-0920

CRITICAL CVSS 9.8 2026-01-22
Threat Entry Updated 2026-04-15

CVE-2026-1036 - Photo Gallery Plugin

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_comment() function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to delete arbitrary image comments. Note: comments functionality is only available in the Pro version of the plugin.

PLUGIN Photo Gallery

CVE-2026-1036

MEDIUM CVSS 5.3 2026-01-22
Threat Entry Updated 2026-01-26

CVE-2025-15521 - Wordpress Lms Plugin For Complete Elearning Solution

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and gain access to their account.

PLUGIN Wordpress Lms Plugin For Complete Elearning Solution

CVE-2025-15521

CRITICAL CVSS 9.8 2026-01-21