Total
6614 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24613 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5. | |||||
| CVE-2026-24602 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Raptive Raptive Ads adthrive-ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Raptive Ads: from n/a through <= 3.10.0. | |||||
| CVE-2026-24622 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Suggestion Toolkit: from n/a through <= 5.0. | |||||
| CVE-2026-24612 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15. | |||||
| CVE-2026-24619 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through <= 1.8. | |||||
| CVE-2026-24588 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4. | |||||
| CVE-2026-24625 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through <= 1.7.3. | |||||
| CVE-2026-24562 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Ryviu Ryviu – Product Reviews for WooCommerce ryviu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ryviu – Product Reviews for WooCommerce: from n/a through <= 3.1.26. | |||||
| CVE-2026-24561 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1. | |||||
| CVE-2026-24585 | 2026-01-26 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a through <= 1.5.0. | |||||
| CVE-2026-24604 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0. | |||||
| CVE-2026-24633 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized Minify: from n/a through <= 3.1.0. | |||||
| CVE-2026-24615 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through <= 2.1.10. | |||||
| CVE-2026-24606 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.11. | |||||
| CVE-2026-24616 | 2026-01-26 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3. | |||||
| CVE-2026-0927 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload text files and PDF documents to the affected site's server which may be leveraged for further attacks such as hosting malicious content or phishing pages via PDF files. | |||||
| CVE-2026-24595 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.5. | |||||
| CVE-2026-24627 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through <= 2.0.0. | |||||
| CVE-2026-24577 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.7. | |||||
| CVE-2025-13921 | 2026-01-26 | N/A | 4.3 MEDIUM | ||
| The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing capability check on the 'wedocs_user_documentation_handling_capabilities' function in all versions up to, and including, 2.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit any documentation post. The vulnerability was partially patched in version 2.1.16. | |||||