Latest CVE Vulnerabilities

0.0 NA

CVE-2026-24993 — WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vu…

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statis…

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24989 — WordPress SUMO Affiliates Pro plugin < 11.4.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection.This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0.

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24987 — WordPress WP System Log plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a thr…

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-24983 — WordPress UpSolution Core plugin <= 8.41 - Reflected Cross Site Scripting (XSS) vulnerabi…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution UpSolution Core us-core allows Reflected XSS.This issue affects UpSolution Core: from …

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24981 — WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-24980 — WordPress Visionary Core plugin <= 1.4.9 - Reflected Cross Site Scripting (XSS) vulnerabi…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-24979 — WordPress Jobica Core plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobica Core jobica-core allows Reflected XSS.This issue affects Jobica Core: from n/a th…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24978 — WordPress Jobica Core plugin <= 1.4.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection.This issue affects Jobica Core: from n/a through <= 1.4.1.

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24977 — WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Orga…

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24976 — WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2.

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-24975 — WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici L…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24974 — WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.

| Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-24973 — WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a t…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24972 — WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a th…

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24971 — WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24970 — WordPress Energox theme <= 1.2 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.…

| Path Traversal

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24969 — WordPress Instant VA theme <= 1.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a throu…

| Path Traversal

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24968 — WordPress Xagio SEO plugin <= 7.1.0.30 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30.

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24964 — WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnera…

Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: …

| Server-Side Request Forgery

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-24391 — WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a thr…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences