Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
11567
Total
772
Critical
3269
High
3678
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39543 | UNKNOWN | — | Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4. | Apr 08, 2026 |
| CVE-2026-39542 | UNKNOWN | — | Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from … | Apr 08, 2026 |
| CVE-2026-39541 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a … | Apr 08, 2026 |
| CVE-2026-39538 | UNKNOWN | — | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This … | Apr 08, 2026 |
| CVE-2026-39536 | UNKNOWN | — | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue … | Apr 08, 2026 |
| CVE-2026-39535 | UNKNOWN | — | Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display Eventbrite Events: from n/a through … | Apr 08, 2026 |
| CVE-2026-39528 | UNKNOWN | — | Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= … | Apr 08, 2026 |
| CVE-2026-39526 | UNKNOWN | — | Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through < … | Apr 08, 2026 |
| CVE-2026-39521 | UNKNOWN | — | Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1. | Apr 08, 2026 |
| CVE-2026-39520 | UNKNOWN | — | Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weDocs: from n/a through <= 2.1.18. | Apr 08, 2026 |
| CVE-2026-39517 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: … | Apr 08, 2026 |
| CVE-2026-39516 | UNKNOWN | — | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: … | Apr 08, 2026 |
| CVE-2026-39510 | UNKNOWN | — | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue … | Apr 08, 2026 |
| CVE-2026-39509 | UNKNOWN | — | Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10. | Apr 08, 2026 |
| CVE-2026-39508 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects … | Apr 08, 2026 |
| CVE-2026-39506 | UNKNOWN | — | Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a … | Apr 08, 2026 |
| CVE-2026-39505 | UNKNOWN | — | Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a … | Apr 08, 2026 |
| CVE-2026-39504 | UNKNOWN | — | Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5. | Apr 08, 2026 |
| CVE-2026-39501 | UNKNOWN | — | Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <= 1.4.5. | Apr 08, 2026 |
| CVE-2026-39500 | UNKNOWN | — | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This issue affects themesflat-addons-for-elementor: from n/a through <= … | Apr 08, 2026 |
| CVE-2026-39497 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: from … | Apr 08, 2026 |
| CVE-2026-39496 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from … | Apr 08, 2026 |
| CVE-2026-39495 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects … | Apr 08, 2026 |
| CVE-2026-39488 | UNKNOWN | — | Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | Apr 08, 2026 |
| CVE-2026-39487 | UNKNOWN | — | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from … | Apr 08, 2026 |