Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2026-24942

    Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through <= 5.1.1.... Read more

    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-24605

    Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23.... Read more

    Affected Products : x_addons_for_elementor
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-25015

    Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.53.... Read more

    Affected Products : userswp
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-24571

    Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-24579

    Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a... Read more

    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-24580

    Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= ... Read more

    Affected Products : ecwid_ecommerce_shopping_cart
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-22450

    Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-25011

    Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through <= ... Read more

    Affected Products : wp_custom_admin_interface
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-0554

    The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authent... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-22360

    Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon searchazon allows Cross Site Request Forgery.This issue affects SearchAzon: from n/a through <= 1.4.... Read more

    Affected Products :
    • Published: Jan. 22, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-23683

    SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted.... Read more

    Affected Products :
    • Published: Jan. 27, 2026
    • Modified: Jan. 27, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-15527

    The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api_get_post_summary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for auth... Read more

    Affected Products : wp_recipe_maker
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2026-24966

    Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery.This issue affects Copyscape Premium: from n/a through <= 1.4.1.... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2026-24985

    Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a ... Read more

    Affected Products :
    • Published: Feb. 03, 2026
    • Modified: Feb. 03, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-24578

    Missing Authorization vulnerability in Jahid Hasan Admin login URL Change admin-login-url-change allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin login URL Change: from n/a through <= 1.1.5.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-24567

    Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through <= 1.4.0.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-24563

    Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-13921

    The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' functi... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2026-24535

    Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Vide... Read more

    Affected Products :
    • Published: Jan. 23, 2026
    • Modified: Jan. 26, 2026
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-14982

    The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and... Read more

    Affected Products : booking_calendar
    • Published: Jan. 16, 2026
    • Modified: Jan. 16, 2026
    • Vuln Type: Authorization
Showing 20 of 4679 Results