Latest CVE Vulnerabilities

0.0 NA

CVE-2026-24382 — WordPress News Magazine X theme <= 1.2.50 - Broken Access Control vulnerability

Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a thr…

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24378 — WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.

eventprime | Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24376 — WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from …

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24373 — WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: …

registrationmagic | Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24372 — WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerabi…

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerc…

| Authentication

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

6.5 MEDIUM

CVE-2026-24370 — WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24369 — WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24364 — WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a t…

wp_user_frontend | Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24363 — WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Cont…

Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24362 — WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from …

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-24359 — WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.

| Authentication

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-23979 — WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerabil…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: f…

Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-23977 — WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access …

Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security …

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-23973 — WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.

golo | Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-23972 — WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-23971 — WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8.

woodmart | Injection

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

7.1 HIGH

CVE-2026-23807 — WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Script…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affec…

wp_telegram_widget_and_join_link | Remote | Cross-Site Scripting

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

0.0 NA

CVE-2026-23806 — WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for Wor…

| Authorization

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

5.5 MEDIUM

CVE-2026-23636 — Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerou…

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type du…

Remote | Misconfiguration

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

6.5 MEDIUM

CVE-2026-23635 — Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Cred…

Remote | Misconfiguration

Mar 25, 2026 Mar 25, 2026

Mar 25, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences