CVE search
364,903 resultsCVE-2026-8622MEDIUMImage Sizes on Demand <= 1.3 - Reflected Cross-Site Scripting via PHP_SELF Server VariableEPSS 0.2%CVE-2026-9612MEDIUMWhatsOrder <= 1.0.1 - Unauthenticated Sensitive Information Exposure via Predictable Invoice File URLsEPSS 0.3%CVE-2026-8688MEDIUMAdvance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX ActionEPSS 0.2%CVE-2026-9620MEDIUMWP Latest Posts <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting via Post Content Image src AttributeEPSS 0.2%CVE-2026-8865MEDIUMAvalon23 Products Filter for WooCommerce <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode AttributesEPSS 0.2%CVE-2026-8896MEDIUMMIR blocks and shortcodes <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode AttributesEPSS 0.2%CVE-2026-9183MEDIUM24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script LocalizationEPSS 0.2%CVE-2026-12416CRITICALInvoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' ParameterEPSS 0.4%CVE-2026-12417CRITICALSignUp & SignIn <= 1.0.0 - Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account TakeoverEPSS 0.5%CVE-2026-9643HIGHWP Meta SEO <= 4.5.18 - Unauthenticated Stored Cross-Site Scripting via REQUEST_URI in 404 LoggingEPSS 0.2%CVE-2026-9172MEDIUMDevs Accounting <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion via /delete-account/ REST EndpointEPSS 0.2%CVE-2026-6292MEDIUMMP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings UpdateEPSS 0.2%CVE-2026-9616MEDIUMGenerate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX ActionEPSS 0.2%CVE-2026-8617MEDIUMSearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX ActionsEPSS 0.2%CVE-2026-9184MEDIUM24liveblog <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification via update_lb24_token AJAX actionEPSS 0.2%CVE-2026-8705HIGHClearSale Total <= 3.4.2 - Unauthenticated SQL InjectionEPSS 0.5%CVE-2026-8628MEDIUMEntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF ParameterEPSS 0.2%CVE-2026-12095HIGHKargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' ParameterEPSS 0.3%CVE-2026-10552MEDIUMBlue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' ParameterEPSS 0.1%CVE-2026-8614MEDIUMAssistio <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Deletion via assistio_plugin_delete_assistio_settings AJAX ActionEPSS 0.2%