46976+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
Missing Authorization vulnerability in Digages Direct Payments WP direct-payments-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through …
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through <= 4.0.11.
Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through …
Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility all-in-one-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in …
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: …
Missing Authorization vulnerability in extendthemes Vireo vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through <= 1.0.24.
Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a …
Missing Authorization vulnerability in recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured Access Control Security …
Missing Authorization vulnerability in themesawesome History Timeline timeline-awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through <= 1.0.6.
Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery.This issue affects Robots.txt rewrite: from n/a through <= 1.6.1.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Retrieve Embedded Sensitive Data.This issue affects Post …
Cross-Site Request Forgery (CSRF) vulnerability in manidoraisamy FormFacade formfacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through <= 1.4.1.
Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a …
Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a …
Missing Authorization vulnerability in wpdiscover Accordion Slider Gallery accordion-slider-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a through …
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.7.
Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: …
Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 …
Missing Authorization vulnerability in quadlayers AI Copilot ai-copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through <= 1.5.2.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This issue affects Download …
Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.
Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through <= 4.2.1.
Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes …
Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker inext-woo-pincode-checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: …
Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects Live Shopping …
Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies wp-export-categories-taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & …
Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial woo-gerencianet-official allows Retrieve Embedded Sensitive Data.This issue affects Gerencianet Oficial: from n/a …
Cross-Site Request Forgery (CSRF) vulnerability in appointify Appointify appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through <= 1.0.8.
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: …
Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.
Authorization Bypass Through User-Controlled Key vulnerability in Eduardo Villão MyD Delivery myd-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyD Delivery: from …
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing …
Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master …
Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1.
Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through …
Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through …
Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8.
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through <= …
Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3.
Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through …
Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through <= 4.4.
Insertion of Sensitive Information Into Sent Data vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows Retrieve Embedded Sensitive Data.This issue affects Terms descriptions: from n/a …
Missing Authorization vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through …
Missing Authorization vulnerability in totalsoft Portfolio Gallery gallery-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through <= 1.4.8.
Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial …
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live …
Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filipe Seabra WooCommerce Parcelas woocommerce-parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Stored XSS.This issue affects Add Custom Codes: …
Free website and port scanning — find vulnerabilities before attackers do.