Newest CVEs

ID	Description	Severity	Updated
CVE-2026-32415	Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.	medium	2026-03-17
CVE-2026-32414	Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through <= 2.36.	high	2026-03-16
CVE-2026-32413	Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3.	medium	2026-03-16
CVE-2026-32412	Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.	medium	2026-03-16
CVE-2026-32411	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through <= 4.4.	medium	2026-03-16
CVE-2026-32410	Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.	medium	2026-03-16
CVE-2026-32409	Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.	medium	2026-03-16
CVE-2026-32408	Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23.	medium	2026-03-16
CVE-2026-32407	Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.	medium	2026-03-16
CVE-2026-32406	Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.	medium	2026-03-16
CVE-2026-32405	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.	medium	2026-03-17
CVE-2026-32404	Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.	medium	2026-03-16
CVE-2026-32403	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194.	medium	2026-03-16
CVE-2026-32402	Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.	medium	2026-03-16
CVE-2026-32401	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.	high	2026-03-17
CVE-2026-32400	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.	high	2026-03-16
CVE-2026-32399	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.32.	high	2026-03-16
CVE-2026-32398	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce woo-wallet allows Leveraging Race Conditions.This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15.	medium	2026-03-17
CVE-2026-32397	Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.	medium	2026-03-16
CVE-2026-32396	Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.	medium	2026-03-16
CVE-2026-32395	Missing Authorization vulnerability in Xpro Xpro Addons For Beaver Builder – Lite xpro-addons-beaver-builder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Addons For Beaver Builder – Lite: from n/a through <= 1.5.6.	medium	2026-03-16
CVE-2026-32394	Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through <= 2.31.0.	medium	2026-03-16
CVE-2026-32393	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.	high	2026-03-17
CVE-2026-32392	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1.	high	2026-03-16
CVE-2026-32391	Missing Authorization vulnerability in linethemes SmartFix smartfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SmartFix: from n/a through < 1.2.4.	medium	2026-03-16
CVE-2026-32390	Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.	medium	2026-03-16
CVE-2026-32388	Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through <= 1.2.2.	medium	2026-03-16
CVE-2026-32387	Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.	medium	2026-03-16
CVE-2026-32386	Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.13.	medium	2026-03-16
CVE-2026-32385	Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.	medium	2026-03-16
CVE-2026-32384	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpBookingly service-booking-manager allows PHP Local File Inclusion.This issue affects WpBookingly: from n/a through <= 1.2.9.	high	2026-03-17
CVE-2026-32383	Missing Authorization vulnerability in raratheme Ridhi ridhi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ridhi: from n/a through <= 1.1.2.	medium	2026-03-16
CVE-2026-32382	Missing Authorization vulnerability in raratheme Digital Download digital-download allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Digital Download: from n/a through <= 1.1.4.	medium	2026-03-16
CVE-2026-32381	Missing Authorization vulnerability in raratheme App Landing Page app-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects App Landing Page: from n/a through <= 1.2.2.	medium	2026-03-16
CVE-2026-32380	Missing Authorization vulnerability in raratheme Numinous numinous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Numinous: from n/a through <= 1.3.0.	medium	2026-03-16
CVE-2026-32379	Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2.	medium	2026-03-16
CVE-2026-32378	Missing Authorization vulnerability in raratheme Book Landing Page book-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Landing Page: from n/a through <= 1.2.7.	medium	2026-03-16
CVE-2026-32377	Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2.	medium	2026-03-16
CVE-2026-32376	Missing Authorization vulnerability in raratheme Kalon kalon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalon: from n/a through <= 1.2.9.	medium	2026-03-16
CVE-2026-32375	Missing Authorization vulnerability in raratheme Travel Diaries travel-diaries allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Diaries: from n/a through <= 1.2.4.	medium	2026-03-16
CVE-2026-32374	Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Minimal: from n/a through <= 1.2.9.	medium	2026-03-16
CVE-2026-32373	Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0.	medium	2026-03-16
CVE-2026-32372	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.	medium	2026-03-17
CVE-2026-32371	Missing Authorization vulnerability in raratheme Elegant Pink elegant-pink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elegant Pink: from n/a through <= 1.3.3.	medium	2026-03-16
CVE-2026-32370	Missing Authorization vulnerability in raratheme Influencer influencer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Influencer: from n/a through <= 1.1.7.	medium	2026-03-16
CVE-2026-32369	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through < 2.0.7.	high	2026-03-16
CVE-2026-32368	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.	high	2026-03-16
CVE-2026-32367	Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through <= 3.5.16.	critical	2026-03-16
CVE-2026-32366	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= 3.0.9.	high	2026-03-16
CVE-2026-32365	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through <= 3.0.7.	high	2026-03-16

Detections

Analytics

Newest CVEs

medium

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

high

high

medium

medium

medium

medium

medium

high

high

medium

medium

medium

medium

medium

medium

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

high

critical

high

high